Infected with malware, IE redirect - DDS hangs system

ken545,

Very happy to report that the offline dump of my infected MBR was successful. Finally! Feels good to be making some progress. Attached is the mbr.zip for your review. (Sent from uninfected machine.)

Many thanks!!
Jess
 
Jess,

Just looking at the dump file now, it basically looks OK. I do see a hidden partition, but that could have been put there by your manufacturer. This looks like a Dell computer.

I have sent that dump file up to VirusTotal to be analysed and it came back as ok.

I want to have someone else take another look, be back in a bit.
 
Jess,

This is what we are up against: malware has installed an infected hidden partition within your Master Boot Record and set that partition as active, so every time you boot up your system it boots from the infected partition and the malware is activated.

aswMBR has been updated to remove the rogue partition, so let's give it one more shot. Hang on to your USB drive with xPUD, as if aswMBR won't run then we will need it. First drag the aswMBR that you have on your desktop to the trash and download a fresh new copy; when you run it, let it update if it asks.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply
 
ken545,

aswMBR.exe did not run. It did nothing. (I had made sure all monitoring software was turned off.) Double-clicked a second time, nothing.
Just to make sure, I repeated the procedure with trashing the old, downloading a fresh copy of the new, made sure the monitoring software was off and nothing again.

Seems this malware really has control over my machine.

What is the next step in ousting this hostile takeover?

Thanks much,
Jess
 
Jess,

Go to Start > Control Panel > Administrative Tools > Computer Management > Disk Management, expand the picture, then press ALT + PrtScr (Print Screen) and paste it into a picture editor (Paint would do fine). Name the file DiskMange, save the file to your desktop and then attach it to your next reply.
 
You may want to print this out so you can follow along.

  • Download tdl_fix.sh and save it to the xPUD flash drive.
  • Boot into xPUD then click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh then press Enter.
  • Read the warning then type y and press Enter to continue.
  • Type sda then press Enter when prompted.
  • You will be shown a list of partitions to choose marking active.
  • Type 2 then press Enter.
  • If you are presented with a warning about no bootloader files, type n then press Enter to choose another. If this happens, type 2 to select partition 2 then press Enter.
  • When you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter.
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_fix.txt file that was created on your flash drive and let me know how the computer is behaving.

Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.
This is a backup of the original MBR and will restore it to its current state.
 
ken545,

The program worked on the first attempt. The first time through it came back with "Does this look correct?" for the partition. It quickly completed with no issues. I rebooted normally into Windows. The machine is no longer running sluggish. I didn't realize how slow it had become. (Seems like I just upgraded!) I tried the dreaded IE search for "system restore" which was causing the original redirect. It worked!! I was able to navigate through the search results and back with no problems. I also tried other similar "restore" searches with no issues. It seems to be working as it should be.

Here is the txt file from the program run.

Is the machine now clean? Do you know what the security concerns and ramifications from this malware would be?

I am deeply grateful for your assistance with this problem. I know it is not easy trying to debug from remote control.

Jess :D:
 
One more step, Jess. What we have done was to set the legit partition as active, but the rogue partition is still there. Just run this and it will remove the bad partition.




  • Boot into xPUD then click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh -delete then press Enter.
  • ** Make sure to leave a space to either side of tdl_fix.sh in the command.
  • You should be notified of a hidden partition found and prompted to delete it.
  • Type y then press Enter.
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_delete.txt file that was created on your flash drive.

Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.





Then go to Disk Management once more and attach a new screenshot
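
The two steps above (moving the active flag, then deleting the leftover entry) can be checked directly on a 512-byte MBR dump. The following is an added example, not part of the original thread and not the tdl_fix.sh script: the function names, the 16 MiB review threshold and the three sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte partition entries follow the boot code
ENTRY_FORMAT = "<B3xB3xII"  # status, (CHS skipped), type, (CHS skipped), LBA start, sectors
SMALL_BYTES = 16 * 1024 * 1024  # assumed review threshold, not a standard value

TYPE_NAMES = {0x07: "NTFS/HPFS/exFAT", 0x17: "hidden NTFS/HPFS", 0xDE: "Dell Utility"}


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR dump."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(1, 5):
        start = TABLE_OFFSET + (slot - 1) * 16
        status, ptype, lba, count = struct.unpack(ENTRY_FORMAT, sector[start:start + 16])
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        entries.append({"slot": slot, "status": status, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries


def review(entries):
    """List things a helper would want to look at before trusting the table."""
    findings = []
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
    active = [e for e in entries if e["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for e in entries:
        size = e["sectors"] * SECTOR_SIZE
        if size < SMALL_BYTES:
            state = "active" if e["status"] == 0x80 else "inactive"
            name = TYPE_NAMES.get(e["type"], "unknown")
            findings.append(f"slot {e['slot']}: {size // 2**20} MiB partition, "
                            f"{state} (type 0x{e['type']:02x}, {name})")
    return findings


def diff_tables(before, after):
    """Describe what changed between two parsed tables, slot by slot."""
    old = {e["slot"]: e for e in before}
    new = {e["slot"]: e for e in after}
    changes = []
    for slot in sorted(old.keys() | new.keys()):
        if slot not in new:
            changes.append(f"slot {slot}: removed")
        elif slot not in old:
            changes.append(f"slot {slot}: added")
        else:
            for field in ("status", "type", "lba_start", "sectors"):
                if old[slot][field] != new[slot][field]:
                    changes.append(f"slot {slot}: {field} "
                                   f"0x{old[slot][field]:02x} -> 0x{new[slot][field]:02x}")
    return changes


def build_mbr(parts):
    """Build a constructed MBR from (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY_FORMAT, *p) for p in parts).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


# Constructed samples: vendor utility partition, Windows partition, 2 MiB extra entry.
DELL = (0x00, 0xDE, 63, 96327)
INFECTED = build_mbr([DELL, (0x00, 0x07, 96390, 302000000), (0x80, 0x17, 302096390, 4096)])
AFTER_FIX = build_mbr([DELL, (0x80, 0x07, 96390, 302000000), (0x00, 0x17, 302096390, 4096)])
AFTER_DELETE = build_mbr([DELL, (0x80, 0x07, 96390, 302000000)])

if __name__ == "__main__":
    for label, dump in (("infected", INFECTED), ("after fix", AFTER_FIX),
                        ("after delete", AFTER_DELETE)):
        print(label, review(parse_mbr(dump)))
    print(diff_tables(parse_mbr(INFECTED), parse_mbr(AFTER_FIX)))
    print(diff_tables(parse_mbr(AFTER_FIX), parse_mbr(AFTER_DELETE)))
```

On the constructed samples, the small entry is still reported after the active flag has moved, which is why the thread needs the separate delete step.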
 
ken545,

Elated to report the hidden partition has been deleted!! Those 2MB are gone!

I have attached the Disk Management screen shot and the txt output file from the delete.

I've been reviewing the forum for ways to prevent further intrusions and will apply the practices as soon as my machine is deemed "clean".

Thanks for your time and expertise,
Jess
 
Good Morning Jess,

Wonderful, when we're done I will give you some tips and links to free programs to install that can help you keep your system more secure.


Things should run fairly well now, so open Malwarebytes, check for updates and run the Quick Scan, removing what it finds. Post the log please, but don't bother if nothing is found.

Then run aswMBR just to scan, don't fix anything, and post that log.


OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
ken545,
I'm glad to finally be at the point to run the scans and produce logs. A big thanks to you!
Here are the results:
Malwarebytes - No malicious items were detected.
aswMBR - downloaded the latest Avast! virus definitions - attached produced txt file.
OTL completed with no issues - logs listed below (Lots of things in log I have no idea what they are or where they came from.)

OTL.txt:
OTL logfile created on: 2/14/2012 10:12:40 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brenda Poland\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 536.63 Mb Available Physical Memory | 52.50% Memory free
30.20 Gb Paging File | 29.89 Gb Available in Paging File | 98.99% Paging File free
Paging file location(s): C:\pagefile.sys 30000 50000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 83.72 Gb Free Space | 58.07% Space Free | Partition Type: NTFS

Computer Name: D6KX9PB1 | User Name: Brenda Poland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccHPEC.DLL ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccFLIB.DLL ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcccfg.dll ()
MOD - C:\WINDOWS\system32\dlcccfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/24 20:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 10:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/16 10:40:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/24 20:08:03 | 000,000,000 | ---D | M]

[2010/08/19 10:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Extensions
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/17 08:49:17 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\searchplugins\search.xml
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2012/02/10 09:38:18 | 000,442,741 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15219 more lines...
O2 - BHO: (Reg Error: Value error.) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT1\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.0.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A9F30A-15CF-4635-8B39-9399F6194D80}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 09:29:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
[2012/02/13 13:30:17 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
[2012/02/10 18:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\My Documents\Downloads
[2012/02/09 15:05:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/09 10:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/09 10:15:24 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
[2012/02/09 10:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/09 10:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/09 10:14:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/09 10:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/09 10:12:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 08:59:55 | 004,399,011 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
[2012/02/08 19:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Application Data\Malwarebytes
[2012/02/08 19:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/08 19:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/08 19:54:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/08 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/08 19:53:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 19:07:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/08 13:38:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
[2012/02/08 13:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/02/08 13:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT1
[2012/02/08 13:34:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
[2012/02/08 13:05:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brenda Poland\Recent
[2012/02/08 09:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/08 09:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/07 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2012/02/07 13:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01
[2012/01/23 08:18:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2006/08/28 22:19:24 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/08/28 22:19:24 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/08/28 22:19:24 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/08/28 22:19:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/08/28 22:19:24 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/08/28 22:19:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2006/08/28 22:19:24 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/08/28 22:19:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/08/28 22:19:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2006/08/28 22:19:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2006/08/28 22:19:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/08/28 22:19:24 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 10:02:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/14 10:01:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
[2012/02/14 09:29:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
[2012/02/14 09:02:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/14 08:01:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/14 08:01:42 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 21:53:00 | 000,024,030 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
[2012/02/13 20:40:27 | 000,057,952 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
[2012/02/13 14:15:36 | 000,058,184 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
[2012/02/13 14:06:57 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 13:30:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
[2012/02/13 13:16:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/10 09:38:18 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/09 21:18:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
[2012/02/09 18:28:08 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120210-093818.backup
[2012/02/09 18:20:22 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
[2012/02/09 18:18:50 | 002,041,278 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
[2012/02/09 17:56:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
[2012/02/09 15:49:35 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
[2012/02/09 15:24:40 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-182808.backup
[2012/02/09 13:33:02 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
[2012/02/09 12:29:52 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-152440.backup
[2012/02/09 10:23:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2012/02/09 09:57:51 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-122952.backup
[2012/02/09 08:59:55 | 004,399,011 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
[2012/02/09 08:47:09 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-095750.backup
[2012/02/08 21:40:55 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
[2012/02/08 21:30:33 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-084709.backup
[2012/02/08 21:10:13 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-213033.backup
[2012/02/08 20:51:04 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
[2012/02/08 19:54:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 19:53:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 19:12:04 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
[2012/02/08 19:09:22 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-211013.backup
[2012/02/08 19:03:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
[2012/02/08 13:38:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
[2012/02/08 13:36:40 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/08 13:36:16 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
[2012/02/08 13:35:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
[2012/02/08 13:30:20 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-190922.backup
[2012/02/08 09:37:50 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-133019.backup
[2012/02/07 19:53:01 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-093749.backup
[2012/02/07 15:51:32 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
[2012/02/07 14:59:58 | 000,007,145 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
[2012/02/07 14:49:43 | 001,339,719 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
[2012/02/07 07:45:12 | 000,859,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
[2012/02/06 18:38:34 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120207-195300.backup
[2012/02/06 17:15:05 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-183833.backup
[2012/02/06 16:04:30 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-171505.backup
[2012/02/06 14:51:15 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-160430.backup
[2012/02/06 12:14:23 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-145115.backup
[2012/02/06 10:42:46 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-121423.backup
[2012/02/04 16:58:55 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-104246.backup
[2012/01/31 11:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/30 22:56:20 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\Silicone Space Station Guide.wps
[2012/01/30 22:08:55 | 000,441,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120204-165854.backup
[2012/01/25 20:31:40 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/01/23 08:18:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/22 09:45:11 | 000,441,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120130-220854.backup
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 10:01:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
[2012/02/13 20:40:22 | 000,057,952 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
[2012/02/13 14:15:27 | 000,058,184 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
[2012/02/09 19:49:47 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
[2012/02/09 18:18:39 | 002,041,278 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
[2012/02/09 17:56:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
[2012/02/09 13:59:50 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
[2012/02/09 12:26:58 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/09 10:23:21 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/02/09 10:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/09 10:14:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/09 10:14:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/09 10:14:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/09 10:14:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/09 10:14:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/09 08:58:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
[2012/02/08 21:40:52 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
[2012/02/08 19:54:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 19:40:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
[2012/02/08 19:11:58 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
[2012/02/08 15:32:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
[2012/02/08 13:36:40 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/08 13:36:16 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
[2012/02/07 15:51:32 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
[2012/02/07 14:59:58 | 000,007,145 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
[2012/02/07 14:49:30 | 001,339,719 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
[2012/02/07 07:45:07 | 000,859,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
[2010/08/10 15:59:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\housecall.guid.cache
[2010/03/10 10:47:47 | 000,000,186 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 11:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/16 08:56:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/12 13:13:58 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/10 09:21:56 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/10 09:21:56 | 000,003,453 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/03/01 15:46:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/01 10:17:24 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/03/01 08:01:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/03/01 08:01:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/12/03 08:40:28 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/02 11:56:46 | 000,024,030 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
[2006/09/04 14:54:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/09/04 14:21:18 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\fusioncache.dat
[2006/08/28 23:05:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/28 22:59:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/28 22:53:47 | 000,000,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/28 22:50:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/28 22:47:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/28 22:19:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/08/28 22:19:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/08/28 22:19:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/08/28 22:19:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/08/28 22:19:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/08/28 22:19:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/08/28 22:19:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/08/28 22:19:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/08/28 22:19:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/08/28 22:19:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/08/28 22:19:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/28 22:18:58 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/08/28 22:18:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,553,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,117,452 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/08/28 17:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/08/19 17:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/09/22 15:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/07/24 20:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/04/19 18:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2006/08/28 22:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/23 16:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Amazon
[2007/03/01 09:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\BellSouth
[2006/09/17 15:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Leadertech
[2011/08/19 17:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\PC Suite
[2006/09/07 08:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Simple Star
[2007/08/07 17:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Souptoys
[2006/12/02 11:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Template
[2006/11/19 07:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brenda Poland\Application Data\Walgreens
[2006/10/02 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\EarthLink Toolbar
[2006/09/08 06:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Poland\Application Data\EarthLink Toolbar

========== Purity Check ==========



< End of report >
 
Here is the Extras.txt:

OTL Extras logfile created on: 2/14/2012 10:12:41 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brenda Poland\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 536.63 Mb Available Physical Memory | 52.50% Memory free
30.20 Gb Paging File | 29.89 Gb Available in Paging File | 98.99% Paging File free
Paging file location(s): C:\pagefile.sys 30000 50000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 83.72 Gb Free Space | 58.07% Space Free | Partition Type: NTFS

Computer Name: D6KX9PB1 | User Name: Brenda Poland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{566FE0E6-599E-4324-A733-613CC2A19ACA}" = Before You Know It 3.6
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 14
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BellSouth" = BellSouth FastAccess DSL Help Center
"BellSouth Application Management" = BellSouth Application Management
"blstoolbar" = BellSouth Toolbar 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"PhotoShow Express" = PhotoShow Express
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.3.20
"RealFlightBasic" = RealFlight Basic R/C Simulator
"RealPlayer 6.0" = RealPlayer Basic
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TmPcc" = Trend Micro PC-cillin Internet Security 14
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2012 10:54:10 AM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/8/2012 1:29:12 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/8/2012 1:59:05 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/8/2012 2:13:04 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/8/2012 2:15:52 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/8/2012 8:59:38 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/8/2012 9:01:34 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/8/2012 9:54:16 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/8/2012 10:05:08 PM | Computer Name = D6KX9PB1 | Source = Media Center Scheduler | ID = 0
Description =

Error - 2/9/2012 9:42:47 AM | Computer Name = D6KX9PB1 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

[ System Events ]
Error - 2/10/2012 4:20:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/10/2012 4:20:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/10/2012 4:35:00 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/10/2012 4:35:00 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 2/10/2012 5:05:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/10/2012 5:05:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 60 minutes. NtpClient has no source of accurate
time.

Error - 2/10/2012 6:05:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/10/2012 6:05:01 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 120 minutes. NtpClient has no source of accurate
time.

Error - 2/10/2012 8:05:02 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 240 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/10/2012 8:05:02 PM | Computer Name = D6KX9PB1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 240 minutes. NtpClient has no source of accurate
time.


< End of report >

The scans did find more malware. I did not run any fixes.
Please let me know what the next step will be.

Many thanks,
Jess
 
Jess, most of what we are removing are infected entries for your hosts file.

I did not see the attached aswMBR log; you can just go ahead and copy and paste it in.


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    [2012/02/09 18:28:08 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120210-093818.backup
    [2012/02/09 09:57:51 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-122952.backup
    [2012/02/09 12:29:52 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-152440.backup
    [2012/02/09 09:57:51 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-122952.backup
    [2012/02/09 08:47:09 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-095750.backup
    [2012/02/08 21:30:33 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-084709.backup
    [2012/02/08 21:10:13 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-213033.backup
    [2012/02/08 19:09:22 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-211013.backup
    [2012/02/08 13:30:20 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-190922.backup
    [2012/02/08 09:37:50 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-133019.backup
    [2012/02/07 19:53:01 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120208-093749.backup
    [2012/02/06 18:38:34 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120207-195300.backup
    [2012/02/06 17:15:05 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-183833.backup
    [2012/02/06 16:04:30 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-171505.backup
    [2012/02/06 14:51:15 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-160430.backup
    [2012/02/06 12:14:23 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-145115.backup
    [2012/02/06 10:42:46 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-121423.backup
    [2012/02/04 16:58:55 | 000,442,655 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120206-104246.backup
    [2012/01/22 09:45:11 | 000,441,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120130-220854.backup
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
    O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
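
The fix above ends with `[resethosts]`, and the follow-up scan is where the result shows up, in the `O1 - Hosts:` lines of the new OTL log. As an added example (not part of the original post and not OTL's own code), this Python script audits those lines and flags anything other than a loopback `localhost` mapping. The category labels, the `LOCAL_NAMES` set and the `example.*` entries in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Hosts entries as OTL prints them, e.g. "O1 - Hosts: 127.0.0.1 localhost".
# The "O1 HOSTS File: (...)" summary line is deliberately not matched.
O1_HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+?)\s*$")

# Names that are expected to resolve to loopback (assumption for this example).
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_o1_hosts(log_text):
    """Return (ip_text, [hostnames]) for every 'O1 - Hosts:' line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_HOSTS.match(line.strip())
        if not match:
            continue
        # Drop a trailing "# comment", then split the remaining aliases.
        names = match.group(2).split("#", 1)[0].split()
        entries.append((match.group(1), names))
    return entries


def classify(ip_text, name):
    """Label one address/name pair: ok, blocked, redirect or malformed."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if name.lower() in LOCAL_NAMES:
        # localhost pointing anywhere but loopback is never expected.
        return "ok" if ip.is_loopback else "redirect"
    if ip.is_loopback or ip.is_unspecified:
        # Name is cut off from the network: normal for a blocklist,
        # worth a look if the name is one the user needs to reach.
        return "blocked"
    # Name is forced to a fixed remote address, bypassing DNS.
    return "redirect"


def audit(log_text):
    """Group every (ip, name) pair found in the log by its label."""
    report = {"ok": [], "blocked": [], "redirect": [], "malformed": []}
    for ip_text, names in parse_o1_hosts(log_text):
        if not names:
            report["malformed"].append((ip_text, ""))
            continue
        for name in names:
            report[classify(ip_text, name)].append((ip_text, name))
    return report


def is_clean(log_text):
    """True when the log lists nothing but loopback localhost entries."""
    report = audit(log_text)
    return not (report["blocked"] or report["redirect"] or report["malformed"])


# Sample input. The first three lines are the post-fix entries from this
# thread's second OTL scan; the remaining lines are constructed.
SAMPLE_LOG = r"""O1 HOSTS File: ([2012/02/14 13:33:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ads.example.com
O1 - Hosts: 203.0.113.7 www.example.org search.example.org
O1 - Hosts: not-an-ip update.example.net
O2 - BHO: (constructed line, ignored by the parser)
"""

if __name__ == "__main__":
    for label, pairs in audit(SAMPLE_LOG).items():
        for ip_text, name in pairs:
            print(f"{label:9} {ip_text:15} {name}")
    print("clean:", is_clean(SAMPLE_LOG))
```

Run against only the two `localhost` lines the post-fix scan reports, `is_clean` returns `True`; any `redirect` entry is the kind to raise with the helper before continuing.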
 
Sorry ken545, I thought I had attached the aswMBR log. Here is the log for your review while I remove the unwanted infected entries.

BTW, I found this unusual file in C:\Program Files\Dl_cats with an upload and userid and password with a link. Would you please take a look at it and let me know if it is legit. I've changed the folder name but it keeps changing back to the original.

I'll post my other two log results as soon as the program finishes.

As always, thanks so much,
Jess
 
Jess, still some malware present, I want to run Combofix as aswMBR found a bad entry but I want to wait to see the OTL logs from both the fix and the new scan.


FYI
Do you have a Lexmark printer?

If so, both dl_cats and lx_cats are part of that. I think that they report ink and printer utilization and other stuff back to Lexmark.
 
ken545,
My machine was worse off than I thought.

I have a Dell printer, probably a re-branded Lexmark. Thanks for looking at that. Any way to get rid of it??

No problems running the fix or the new scan... making progress!!

Here is the log for the fix:
All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\WINDOWS\system32\drivers\etc\hosts.20120210-093818.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120209-122952.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120209-152440.backup moved successfully.
File C:\WINDOWS\System32\drivers\etc\hosts.20120209-122952.backup not found.
C:\WINDOWS\system32\drivers\etc\hosts.20120209-095750.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120209-084709.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120208-213033.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120208-211013.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120208-190922.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120208-133019.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120208-093749.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120207-195300.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120206-183833.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120206-171505.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120206-160430.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120206-145115.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120206-121423.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120206-104246.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120130-220854.backup moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry value HKEY_USERS\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Brenda Poland\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brenda Poland\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Brenda Poland
->Temp folder emptied: 72750568 bytes
->Temporary Internet Files folder emptied: 52977253 bytes
->Java cache emptied: 9251626 bytes
->FireFox cache emptied: 56878256 bytes
->Flash cache emptied: 1718 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65938 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Poland Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Randy Poland
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 152081 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 54721825 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 185972 bytes
RecycleBin emptied: 28438054 bytes

Total Files Cleaned = 263.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02142012_133304

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_204.dat not found!

Registry entries deleted on Reboot...



Here is the new OTL scan log:
OTL logfile created on: 2/14/2012 1:40:27 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brenda Poland\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 324.07 Mb Available Physical Memory | 31.71% Memory free
30.20 Gb Paging File | 29.65 Gb Available in Paging File | 98.17% Paging File free
Paging file location(s): C:\pagefile.sys 30000 50000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 83.98 Gb Free Space | 58.24% Space Free | Partition Type: NTFS

Computer Name: D6KX9PB1 | User Name: Brenda Poland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security 14\PcSSE.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security 14\tmdbg.dll ()
MOD - C:\WINDOWS\system32\dlcccfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/24 20:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 10:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/16 10:40:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/24 20:08:03 | 000,000,000 | ---D | M]

[2010/08/19 10:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Extensions
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/17 08:49:17 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\searchplugins\search.xml
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2012/02/14 13:33:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT1\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.0.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A9F30A-15CF-4635-8B39-9399F6194D80}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 13:33:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/14 09:29:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
[2012/02/13 13:30:17 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
[2012/02/10 18:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\My Documents\Downloads
[2012/02/09 15:05:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/09 10:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/09 10:15:24 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
[2012/02/09 10:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/09 10:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/09 10:14:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/09 10:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/09 10:12:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 08:59:55 | 004,399,011 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
[2012/02/08 19:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Application Data\Malwarebytes
[2012/02/08 19:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/08 19:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/08 19:54:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/08 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/08 19:53:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 19:07:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/08 13:38:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
[2012/02/08 13:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/02/08 13:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT1
[2012/02/08 13:34:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
[2012/02/08 13:05:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brenda Poland\Recent
[2012/02/08 09:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/08 09:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/07 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2012/02/07 13:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01
[2012/01/23 08:18:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2006/08/28 22:19:24 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/08/28 22:19:24 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/08/28 22:19:24 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/08/28 22:19:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/08/28 22:19:24 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/08/28 22:19:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2006/08/28 22:19:24 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/08/28 22:19:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/08/28 22:19:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2006/08/28 22:19:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2006/08/28 22:19:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/08/28 22:19:24 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 13:35:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/14 13:35:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/14 13:35:04 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/14 13:33:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/14 13:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/14 10:01:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
[2012/02/14 09:29:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
[2012/02/13 21:53:00 | 000,024,030 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
[2012/02/13 20:40:27 | 000,057,952 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
[2012/02/13 14:15:36 | 000,058,184 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
[2012/02/13 14:06:57 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 13:30:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
[2012/02/13 13:16:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/10 09:38:18 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120214-132629.backup
[2012/02/09 21:18:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
[2012/02/09 18:20:22 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
[2012/02/09 18:18:50 | 002,041,278 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
[2012/02/09 17:56:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
[2012/02/09 15:49:35 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
[2012/02/09 15:24:40 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-182808.backup
[2012/02/09 13:33:02 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
[2012/02/09 10:23:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2012/02/09 08:59:55 | 004,399,011 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
[2012/02/08 21:40:55 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
[2012/02/08 20:51:04 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
[2012/02/08 19:54:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 19:53:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 19:12:04 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
[2012/02/08 19:03:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
[2012/02/08 13:38:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
[2012/02/08 13:36:40 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/08 13:36:16 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
[2012/02/08 13:35:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
[2012/02/07 15:51:32 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
[2012/02/07 14:59:58 | 000,007,145 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
[2012/02/07 14:49:43 | 001,339,719 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
[2012/02/07 07:45:12 | 000,859,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
[2012/01/31 11:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/30 22:56:20 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\Silicone Space Station Guide.wps
[2012/01/30 22:08:55 | 000,441,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120204-165854.backup
[2012/01/25 20:31:40 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/01/23 08:18:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 10:01:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
[2012/02/13 20:40:22 | 000,057,952 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
[2012/02/13 14:15:27 | 000,058,184 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
[2012/02/09 19:49:47 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
[2012/02/09 18:18:39 | 002,041,278 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
[2012/02/09 17:56:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
[2012/02/09 13:59:50 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
[2012/02/09 12:26:58 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/09 10:23:21 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/02/09 10:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/09 10:14:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/09 10:14:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/09 10:14:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/09 10:14:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/09 10:14:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/09 08:58:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
[2012/02/08 21:40:52 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
[2012/02/08 19:54:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 19:40:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
[2012/02/08 19:11:58 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
[2012/02/08 15:32:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
[2012/02/08 13:36:40 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/08 13:36:16 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
[2012/02/07 15:51:32 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
[2012/02/07 14:59:58 | 000,007,145 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
[2012/02/07 14:49:30 | 001,339,719 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
[2012/02/07 07:45:07 | 000,859,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
[2010/08/10 15:59:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\housecall.guid.cache
[2010/03/10 10:47:47 | 000,000,186 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 11:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/16 08:56:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/12 13:13:58 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/10 09:21:56 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/10 09:21:56 | 000,003,453 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/03/01 15:46:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/01 10:17:24 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/03/01 08:01:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/03/01 08:01:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/12/03 08:40:28 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/02 11:56:46 | 000,024,030 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
[2006/09/04 14:54:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/09/04 14:21:18 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\fusioncache.dat
[2006/08/28 23:05:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/28 22:59:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/28 22:53:47 | 000,000,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/28 22:50:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/28 22:47:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/28 22:19:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/08/28 22:19:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/08/28 22:19:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/08/28 22:19:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/08/28 22:19:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/08/28 22:19:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/08/28 22:19:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/08/28 22:19:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/08/28 22:19:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/08/28 22:19:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/08/28 22:19:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/28 22:18:58 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/08/28 22:18:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,553,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,117,452 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

< End of report >


Thanks for your help,
Jess
 
Jess,

Those files are related to this printer, Dell Photo AIO Printer 924; they're not harmful, so just leave them be.


You had so many backup entries for the hosts file that I may have missed these.

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    
    :OTL
    [2012/02/10 09:38:18 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120214-132629.backup
    [2012/02/09 15:24:40 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-182808.backup
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [CLEARALLRESTOREPOINTS]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
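
Added example, not part of the original post and not OTL's own code: a short Python parser for the file-listing lines in OTL logs like the ones in this thread, which collects every hosts file and hosts copy under drivers\etc so that none is overlooked among many entries. The function names are assumptions made for illustration, and the last sample line is constructed.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# Shape of a file-listing line in the OTL logs in this thread:
#   [date time | size | attributes | C or M] (company) -- path
# Directory lines leave out the "(company)" field.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


class Entry(NamedTuple):
    timestamp: datetime
    size: int          # bytes, thousands separators removed
    attrs: str         # e.g. "R---", "-HS-", "---D"
    kind: str          # "C" = created, "M" = modified
    company: str       # empty when the log shows "()" or no field
    path: str
    raw: str           # the log line as it appeared


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and other text."""
    text = line.strip()
    m = LINE_RE.match(text)
    if m is None:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
        raw=text,
    )


def hosts_entries(log_text: str) -> List[Entry]:
    """Every file under ...\\drivers\\etc whose name starts with "hosts".

    Paths are compared case-insensitively, so the same file listed in two
    sections (or as System32 and system32) is reported once, oldest first.
    """
    seen = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or "D" in entry.attrs:   # skip directories
            continue
        directory, _, name = entry.path.lower().rpartition("\\")
        if directory.endswith("\\drivers\\etc") and name.startswith("hosts"):
            seen.setdefault(entry.path.lower(), entry)
    return sorted(seen.values(), key=lambda e: e.timestamp)


def split_live_and_copies(log_text: str) -> Tuple[Optional[Entry], List[Entry]]:
    """Separate the live hosts file from backup or renamed copies."""
    live, copies = None, []
    for entry in hosts_entries(log_text):
        name = entry.path.lower().rpartition("\\")[2]
        if name == "hosts":
            live = entry
        else:
            copies.append(entry)
    return live, copies


# Sample input: every line is taken from the logs in this thread except the
# last one, a constructed duplicate listing with different path casing.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2012/02/14 13:35:04 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/14 13:33:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/10 09:38:18 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120214-132629.backup
[2012/02/09 15:24:40 | 000,442,741 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-182808.backup
[2012/02/09 10:12:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/08 19:54:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/30 22:08:55 | 000,441,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120204-165854.backup
[2012/02/09 15:24:40 | 000,442,741 | R--- | C] () -- C:\WINDOWS\system32\drivers\etc\hosts.20120209-182808.backup
"""

if __name__ == "__main__":
    live, copies = split_live_and_copies(SAMPLE_LOG)
    if live is not None:
        print("live hosts file:", live.path, live.size, "bytes")
    for copy in copies:
        print("copy to review:", copy.raw)
```

Each returned entry keeps the original log line in `raw`, so a person can check it against the log before anything is removed.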
 
ken545,

Thank you for being so thorough.

Here is the log from the OTL fix:

All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\WINDOWS\system32\drivers\etc\hosts.20120214-132629.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20120209-182808.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Brenda Poland\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Brenda Poland\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Brenda Poland
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29772347 bytes
->Flash cache emptied: 291 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Poland Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Randy Poland
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02142012_185913

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_62c.dat not found!

Registry entries deleted on Reboot...


Here is the log from the new OTL scan:

OTL logfile created on: 2/14/2012 7:04:56 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Brenda Poland\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 323.80 Mb Available Physical Memory | 31.68% Memory free
30.20 Gb Paging File | 29.65 Gb Available in Paging File | 98.18% Paging File free
Paging file location(s): C:\pagefile.sys 30000 50000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 84.04 Gb Free Space | 58.29% Space Free | Partition Type: NTFS

Computer Name: D6KX9PB1 | User Name: Brenda Poland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security 14\PcSSE.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security 14\tmdbg.dll ()
MOD - C:\WINDOWS\system32\dlcccfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/24 20:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/19 10:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/16 10:40:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/24 20:08:03 | 000,000,000 | ---D | M]

[2010/08/19 10:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Extensions
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/17 08:49:17 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\Mozilla\Firefox\Profiles\jcs6xakz.default\searchplugins\search.xml
[2010/08/19 10:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2012/02/14 18:59:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT1\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3120691911-3222514972-401631166-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.0.cab (DLM Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 13:33:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/14 09:29:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
[2012/02/13 13:30:17 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
[2012/02/10 18:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\My Documents\Downloads
[2012/02/09 15:05:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/09 10:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/09 10:15:24 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
[2012/02/09 10:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/09 10:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/09 10:14:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/09 10:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/09 10:12:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 08:59:55 | 004,399,011 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
[2012/02/08 19:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Application Data\Malwarebytes
[2012/02/08 19:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/08 19:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/08 19:54:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/08 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/08 19:53:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 19:07:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/08 13:38:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
[2012/02/08 13:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/02/08 13:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT1
[2012/02/08 13:34:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
[2012/02/08 13:05:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brenda Poland\Recent
[2012/02/08 09:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/08 09:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/07 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2012/02/07 13:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01
[2012/01/23 08:18:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2006/08/28 22:19:24 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/08/28 22:19:24 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/08/28 22:19:24 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/08/28 22:19:24 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/08/28 22:19:24 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/08/28 22:19:24 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2006/08/28 22:19:24 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/08/28 22:19:24 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/08/28 22:19:24 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2006/08/28 22:19:24 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2006/08/28 22:19:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/08/28 22:19:24 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 19:02:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/14 19:01:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/14 19:01:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/14 19:01:14 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/14 18:59:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/14 10:01:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
[2012/02/14 09:29:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brenda Poland\Desktop\OTL.exe
[2012/02/13 21:53:00 | 000,024,030 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
[2012/02/13 20:40:27 | 000,057,952 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
[2012/02/13 14:15:36 | 000,058,184 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
[2012/02/13 14:06:57 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 13:30:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Brenda Poland\Desktop\aswMBR.exe
[2012/02/13 13:16:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/09 21:18:09 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
[2012/02/09 18:20:22 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brenda Poland\Desktop\TDSSKiller.exe
[2012/02/09 18:18:50 | 002,041,278 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
[2012/02/09 17:56:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
[2012/02/09 15:49:35 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
[2012/02/09 13:33:02 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
[2012/02/09 10:23:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2012/02/09 08:59:55 | 004,399,011 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\ComboFix.exe
[2012/02/08 21:40:55 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
[2012/02/08 20:51:04 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
[2012/02/08 19:54:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 19:53:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brenda Poland\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/08 19:12:04 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
[2012/02/08 19:03:32 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
[2012/02/08 13:38:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brenda Poland\Desktop\dds.scr
[2012/02/08 13:36:40 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/08 13:36:16 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
[2012/02/08 13:35:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Brenda Poland\Desktop\erunt-setup.exe
[2012/02/07 15:51:32 | 000,043,876 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
[2012/02/07 14:59:58 | 000,007,145 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
[2012/02/07 14:49:43 | 001,339,719 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
[2012/02/07 07:45:12 | 000,859,992 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
[2012/01/31 11:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/30 22:56:20 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Brenda Poland\Desktop\Silicone Space Station Guide.wps
[2012/01/30 22:08:55 | 000,441,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120204-165854.backup
[2012/01/25 20:31:40 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/01/23 08:18:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\Documents and Settings\Brenda Poland\*.tmp files -> C:\Documents and Settings\Brenda Poland\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 10:01:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBR.dat
[2012/02/13 20:40:22 | 000,057,952 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange-del.GIF
[2012/02/13 14:15:27 | 000,058,184 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\DiskMange.GIF
[2012/02/09 19:49:47 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix3.wps
[2012/02/09 18:18:39 | 002,041,278 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\tdsskiller.zip
[2012/02/09 17:56:57 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\MBRCheck.exe
[2012/02/09 13:59:50 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix2.wps
[2012/02/09 12:26:58 | 1071,796,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/09 10:23:21 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/02/09 10:23:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/09 10:14:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/09 10:14:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/09 10:14:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/09 10:14:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/09 10:14:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/09 08:58:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-09-fix.wps
[2012/02/08 21:40:52 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\unhide.exe
[2012/02/08 19:54:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 19:40:26 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08-fix.wps
[2012/02/08 19:11:58 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rkill.exe
[2012/02/08 15:32:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\spybot-forum-post 2012-02-08.wps
[2012/02/08 13:36:40 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/08 13:36:16 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\ERUNT.lnk
[2012/02/07 15:51:32 | 000,043,876 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_15_51].cab
[2012/02/07 14:59:58 | 000,007,145 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\requested-files[2012-02-07_14_59].cab
[2012/02/07 14:49:30 | 001,339,719 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\rootalyz-0.3.4.47.zip
[2012/02/07 07:45:07 | 000,859,992 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Desktop\snlTCNTplugins01.zip
[2010/08/10 15:59:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\housecall.guid.cache
[2010/03/10 10:47:47 | 000,000,186 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 11:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/16 08:56:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/12 13:13:58 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/10 09:21:56 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/10 09:21:56 | 000,003,453 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/03/01 15:46:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/01 10:17:24 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/03/01 08:01:34 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007/03/01 08:01:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/12/03 08:40:28 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/02 11:56:46 | 000,024,030 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Application Data\wklnhst.dat
[2006/09/04 14:54:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/09/04 14:21:18 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Brenda Poland\Local Settings\Application Data\fusioncache.dat
[2006/08/28 23:05:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/28 22:59:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/28 22:53:47 | 000,000,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/28 22:50:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/28 22:47:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/28 22:19:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/08/28 22:19:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/08/28 22:19:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/08/28 22:19:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/08/28 22:19:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/08/28 22:19:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/08/28 22:19:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/08/28 22:19:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/08/28 22:19:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/08/28 22:19:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/08/28 22:19:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/28 22:18:58 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/08/28 22:18:26 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,553,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,117,452 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

< End of report >

The OTL program seems to be comprehensive and powerful in the right hands.... and dangerous in the (uneducated) wrong hands.

Gratefully, one who is unknowing.
Jess
 