
Search Engine Redirect Virus [Closed]



#1
silvertbss

Hello,

Well for starters, I have some knowledge about computers, but not too much on the registry and such.

Anytime I do a Google, Yahoo, Ask, etc. search, the first time I click on a site it redirects to another random site, typically some real estate or other site unrelated to what I searched for. I have done the basic removal procedure for most common malware/spyware that this site has listed, and it did not remove the problem.

I ran the Rooter log:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:150675 Mo/Free:3497 Mo)
D:\ [Fixed] - FAT32 - (Total:5636 Mo/Free:972 Mo)
E:\ [CD-Rom] (Total:236 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)

Sat 04/25/2009|17:22

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\windows\system\hpsysdrv.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\CTsvcCDA.exe
---------- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
---------- C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
---------- C:\HP\KBD\KBD.EXE
---------- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
---------- C:\WINDOWS\LTMSG.exe
---------- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
---------- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
---------- C:\WINDOWS\system32\CTHELPER.EXE
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\MsPMSPSv.exe
---------- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.208,85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.208,85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.208,85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{34A6DA07-11CB-4D3F-82E6-02382D041EF0}]
NameServer REG_SZ 85.255.112.208,85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{34A6DA07-11CB-4D3F-82E6-02382D041EF0}]
NameServer REG_SZ 85.255.112.208,85.255.112.79
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{34A6DA07-11CB-4D3F-82E6-02382D041EF0}]
NameServer REG_SZ 85.255.112.208,85.255.112.79
==> WAREOUT <==

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 04/25/2009|17:23

----------------------\\ Scan completed at 17:23


And the OTListIt2 Logs:




OTListIt logfile created on: 4/25/2009 5:23:55 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 605.12 Mb Available Physical Memory | 59.12% Memory free
2.41 Gb Paging File | 2.09 Gb Available in Paging File | 86.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 59.41 Gb Free Space | 40.38% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.95 Gb Free Space | 17.25% Space Free | Partition Type: FAT32
Drive E: | 236.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/09 12:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [1998/05/07 16:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe
PRC - [2009/04/22 17:14:56 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2002/10/07 07:23:20 | 00,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
PRC - [2003/02/11 20:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2003/08/19 08:01:00 | 00,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/07/14 17:52:44 | 00,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\LTMSG.exe
PRC - [2003/08/14 21:11:32 | 00,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/06/18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
PRC - [2003/10/05 23:57:32 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2009/03/09 12:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2003/10/08 16:35:42 | 00,139,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
PRC - [2003/10/10 22:26:40 | 00,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
PRC - [2009/04/22 17:14:56 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2009/04/22 18:17:31 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 17:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2009/04/25 17:23:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 12:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/04/22 17:14:56 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (Norton AntiVirus [Auto | Running])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/10/07 18:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2009/04/22 17:15:04 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/04/22 17:15:04 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2003/11/04 23:26:02 | 00,645,392 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2003/11/18 19:13:54 | 00,366,160 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2003/10/13 20:17:56 | 00,332,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2003/10/07 19:08:12 | 00,006,096 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2003/10/07 19:09:10 | 00,130,288 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2009/04/22 17:15:04 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2003/10/13 02:42:12 | 00,145,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2009/04/22 17:15:04 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2003/06/19 01:59:00 | 00,140,800 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k [Boot | Running])
DRV - [2004/12/16 14:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2003/01/15 23:05:54 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
DRV - [2008/04/13 11:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2003/10/21 02:26:08 | 00,904,496 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2003/10/21 02:23:44 | 00,148,432 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2003/04/15 17:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2009/04/22 17:15:04 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2009/03/09 12:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2003/07/01 23:33:00 | 00,652,497 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2009/04/22 17:15:04 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090425.020\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/04/22 17:15:04 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090425.020\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 22:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/07/30 02:15:00 | 00,126,348 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\nvcap.sys -- (nvcap [Auto | Stopped])
DRV - [2003/07/30 02:15:00 | 00,013,006 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVxbar.sys -- (NVXBAR [Auto | Stopped])
DRV - [2003/09/02 23:51:00 | 00,021,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2003/10/07 19:06:50 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2003/09/03 10:01:22 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfDetNT [Auto | Running])
DRV - [2001/06/04 14:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/07/30 09:02:00 | 00,017,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2002/10/04 17:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2004/08/03 22:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Stopped])
DRV - [2007/11/13 01:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/05/06 15:34:56 | 00,394,752 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
DRV - [2003/02/20 16:18:36 | 00,036,608 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
DRV - [2003/04/11 08:51:30 | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys -- (SiSkp [System | Running])
DRV - [2009/04/22 17:15:05 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/04/22 17:15:05 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2003/08/13 21:50:36 | 00,039,648 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])
DRV - [2009/04/22 17:15:05 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/04/22 17:15:24 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/04/22 17:15:05 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/04/22 17:15:05 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/04/22 17:15:05 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/04/22 17:15:05 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/04/22 17:15:05 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/04/22 17:15:05 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2004/02/04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2003/07/02 11:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2003/08/11 21:09:18 | 00,265,344 | ---- | M] (Copyright © VIA/S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Stopped])
DRV - [2003/04/15 17:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/04/15 17:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/22 18:17:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 18:17:34 | 00,000,000 | ---D | M]

[2008/06/21 19:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/06/21 19:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/25 16:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\dxsivru1.default\extensions
[2009/04/07 13:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\dxsivru1.default\extensions\[email protected]
[2009/04/25 17:19:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 18:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/10 17:23:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/16 16:24:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/06/14 15:52:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/22 18:17:31 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 18:17:31 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/28 17:15:27 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/28 17:15:27 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/28 17:15:27 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 18:25:18 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/28 17:15:27 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/28 17:15:27 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/28 17:15:27 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - Reg Error: Key error. File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: () - - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE ()
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [LTMSG] LTMSG.exe 7 (Agere Systems)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe File not found
O4 - HKCU..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.208,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{34A6DA07-11CB-4D3F-82E6-02382D041EF0}\\NameServer = 85.255.112.208,85.255.112.79
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 19:32:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2001/11/02 09:49:02 | 00,069,632 | R--- | M] () - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2001/11/02 09:49:02 | 00,000,676 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{20211ec4-82b3-11dd-8484-000ea6338442}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O33 - MountPoints2\{e349d5ba-d137-11dd-84ca-000ea6338442}\Shell - "" = AutoRun
O33 - MountPoints2\{e349d5ba-d137-11dd-84ca-000ea6338442}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e349d5ba-d137-11dd-84ca-000ea6338442}\Shell\AutoRun\command - "" = L:\ImageViewer4.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/25 17:23:48 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Owner\Desktop\OTListIt2.exe
[2009/04/25 17:22:13 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/25 17:22:07 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\Rooter.exe
[2009/04/25 16:13:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/25 16:13:01 | 00,000,622 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\NTREGOPT.lnk
[2009/04/25 16:13:01 | 00,000,603 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\ERUNT.lnk
[2009/04/25 16:13:00 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/25 16:05:42 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Owner\Desktop\erunt_setup.exe
[2009/04/22 23:11:11 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/22 22:16:54 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/22 22:14:54 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/22 22:14:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/22 22:14:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/22 21:07:15 | 00,001,745 | ---- | C] () -- C:\DOCUME~1\Owner\Desktop\HijackThis.lnk
[2009/04/22 21:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/22 18:14:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/22 18:06:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/04/22 18:06:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/04/22 18:06:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/04/22 18:06:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/04/22 18:03:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/04/22 17:27:50 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/04/22 17:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec
[2009/04/22 17:16:04 | 02,137,154 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB
[2009/04/22 17:15:51 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/04/22 17:15:24 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/22 17:15:24 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/22 17:15:24 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/04/22 17:15:24 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/04/22 17:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/04/22 17:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/04/22 17:15:05 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.sys
[2009/04/22 17:15:05 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.sys
[2009/04/22 17:15:05 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symtdi.sys
[2009/04/22 17:15:05 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symfw.sys
[2009/04/22 17:15:05 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.sys
[2009/04/22 17:15:05 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndisv.sys
[2009/04/22 17:15:05 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndis.sys
[2009/04/22 17:15:05 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symids.sys
[2009/04/22 17:15:04 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys
[2009/04/22 17:15:04 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.sys
[2009/04/22 17:14:34 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.inf
[2009/04/22 17:14:34 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.inf
[2009/04/22 17:14:34 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.inf
[2009/04/22 17:14:34 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.inf
[2009/04/22 17:14:34 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.inf
[2009/04/22 17:14:34 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.inf
[2009/04/22 17:14:34 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini
[2009/04/22 17:14:18 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.cat
[2009/04/22 17:14:18 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.cat
[2009/04/22 17:14:18 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.cat
[2009/04/22 17:14:18 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.CAT
[2009/04/22 17:14:18 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.cat
[2009/04/22 17:14:18 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.cat
[2009/04/22 17:14:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1005000.086
[2009/04/22 17:14:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/04/22 17:14:14 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/04/22 17:14:14 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/04/22 17:14:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/22 17:09:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/04/22 17:09:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/04/22 17:07:33 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/04/22 17:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/22 16:54:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/04/12 11:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/11 12:21:12 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/11 12:21:12 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/11 12:21:12 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/04/11 12:21:12 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/04/07 13:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2008/07/20 16:26:38 | 00,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2008/07/20 16:26:38 | 00,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/07/20 16:26:04 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2008/07/20 16:26:04 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/07/20 16:25:50 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/11/03 16:51:35 | 00,000,030 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/09/03 12:23:37 | 00,000,563 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/07/06 20:57:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/03/16 17:03:50 | 00,000,897 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2005/11/28 15:59:14 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AIJLFJHM.ini
[2005/02/06 15:05:46 | 00,000,220 | -HS- | C] () -- C:\WINDOWS\dwin.sys
[2004/12/26 13:56:31 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/12/26 13:50:54 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/09/17 18:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/23 21:44:50 | 00,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2004/07/27 11:05:41 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AIJLFJH.ini
[2004/06/11 13:39:04 | 00,336,024 | ---- | C] () -- C:\WINDOWS\mxtarget.ini
[2004/06/11 10:56:33 | 00,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/28 11:14:37 | 00,003,911 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/03/27 15:39:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2004/03/16 20:42:43 | 00,000,611 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/03/16 18:24:33 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/03/16 18:24:32 | 00,000,512 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/03/15 18:49:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2004/03/15 16:49:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/03/14 19:24:17 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/10/13 22:41:40 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/13 22:40:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/13 22:24:52 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 15:52:52 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 15:52:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/10 22:33:40 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/10/10 22:33:10 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/10/10 22:33:10 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/10 22:29:24 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/10 22:24:47 | 00,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/10 22:24:29 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/10 22:23:52 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/10 22:18:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/10 22:07:37 | 00,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 20:31:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/10 20:23:54 | 00,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/10 20:05:09 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 19:56:51 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 19:56:51 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 19:56:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 19:35:14 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 19:22:28 | 00,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 19:22:20 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/10/10 19:22:18 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/09/23 01:19:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 22:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/03 15:42:27 | 00,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/04/25 17:23:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Owner\Desktop\OTListIt2.exe
[2009/04/25 17:22:08 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\Rooter.exe
[2009/04/25 17:19:58 | 04,935,161 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000004-20021102}.CDF
[2009/04/25 17:19:06 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/04/25 17:18:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/25 17:18:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/25 17:18:26 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/25 17:17:39 | 00,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/04/25 17:17:39 | 00,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/04/25 17:17:39 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/04/25 17:17:39 | 00,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000004-20021102}.rfx
[2009/04/25 17:17:39 | 00,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/04/25 17:17:39 | 00,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/04/25 17:17:39 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000004-20021102}.dat
[2009/04/25 17:17:39 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000004-20021102}.dat
[2009/04/25 16:13:01 | 00,000,622 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\NTREGOPT.lnk
[2009/04/25 16:13:01 | 00,000,603 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\ERUNT.lnk
[2009/04/25 16:05:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Owner\Desktop\erunt_setup.exe
[2009/04/25 15:46:16 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/22 23:11:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/22 21:07:15 | 00,001,745 | ---- | M] () -- C:\DOCUME~1\Owner\Desktop\HijackThis.lnk
[2009/04/22 18:16:20 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/22 18:16:20 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/22 18:16:20 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/22 18:15:47 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\desktop.ini
[2009/04/22 18:15:39 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/22 18:13:56 | 00,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/22 18:12:02 | 02,137,154 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB
[2009/04/22 18:02:47 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/04/22 17:15:24 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/04/22 17:15:24 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/04/22 17:15:24 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/04/22 17:15:24 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/04/22 17:15:05 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.sys
[2009/04/22 17:15:05 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.sys
[2009/04/22 17:15:05 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symtdi.sys
[2009/04/22 17:15:05 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symfw.sys
[2009/04/22 17:15:05 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.sys
[2009/04/22 17:15:05 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndisv.sys
[2009/04/22 17:15:05 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndis.sys
[2009/04/22 17:15:05 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/04/22 17:15:05 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symids.sys
[2009/04/22 17:15:04 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys
[2009/04/22 17:15:04 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.sys
[2009/04/22 17:14:34 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.inf
[2009/04/22 17:14:34 | 00,001,753 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.inf
[2009/04/22 17:14:34 | 00,001,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.inf
[2009/04/22 17:14:34 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.inf
[2009/04/22 17:14:34 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.inf
[2009/04/22 17:14:34 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.inf
[2009/04/22 17:14:34 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini
[2009/04/22 17:14:18 | 00,009,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.cat
[2009/04/22 17:14:18 | 00,007,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.cat
[2009/04/22 17:14:18 | 00,007,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.cat
[2009/04/22 17:14:18 | 00,007,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.CAT
[2009/04/22 17:14:18 | 00,007,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.cat
[2009/04/22 17:14:18 | 00,007,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.cat
[2009/04/11 12:07:39 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 12:07:26 | 00,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
< End of report >

OTListIt Extras logfile created on: 4/25/2009 5:23:55 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 605.12 Mb Available Physical Memory | 59.12% Memory free
2.41 Gb Paging File | 2.09 Gb Available in Paging File | 86.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 59.41 Gb Free Space | 40.38% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.95 Gb Free Space | 17.25% Space Free | Partition Type: FAT32
Drive E: | 236.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2003/10/10 22:26:40 | 00,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903
[2008/03/17 19:53:21 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2007/10/16 15:09:31 | 04,793,584 | ---- | M] (Splash Damage, Ltd.) -- C:\Program Files\Valve\Steam\SteamApps\common\enemy territory quake wars demo\etqw.exe:*:Enabled:Enemy Territory: QUAKE Wars Demo
[2007/06/16 18:40:36 | 40,635,183 | ---- | M] (The Design Assembly GmbH) -- C:\Program Files\Valve\Steam\SteamApps\achtung454\codename gordon\cg.exe:*:Enabled:Codename Gordon
[2007/09/17 17:56:29 | 04,725,784 | ---- | M] () -- C:\Program Files\Valve\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme
[2009/03/14 16:49:02 | 00,098,304 | ---- | M] () -- C:\Program Files\Valve\Steam\SteamApps\achtung454\team fortress 2\hl2.exe:*:Enabled:hl2
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ311
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"C56C66C3-3462-4A3F-8661-9E18362A5E7C" = Excavation from Hewlett-Packard Desktops (remove only)
"CCleaner" = CCleaner (remove only)
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DA44615A-C243-46A4-8E47-184CFF33CD38" = Five Card Frenzy from Hewlett-Packard Desktops (remove only)
"E28167F1-3F42-40C7-9119-1D5A97444F10" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"hp deskjet 825c series" = hp deskjet 825c series (Remove only)
"hp deskjet 825c series_Driver" = hp deskjet 825c series
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HPTOOLKIT" = toolkit
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"NAV" = Norton AntiVirus
"NVIDIA GART Driver" = NVIDIA GART Driver
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"SpamSubtract" = SpamSubtract
"SysInfo" = Creative System Information
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows XP Service Pack" = Windows XP Service Pack 3
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/25/2009 7:37:45 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:49 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:49 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:49 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:49 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:49 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:52 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:52 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:52 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/25/2009 7:37:52 PM | Computer Name = RYAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 4/25/2009 6:46:39 PM | Computer Name = RYAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/25/2009 6:46:39 PM | Computer Name = RYAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/25/2009 6:48:10 PM | Computer Name = RYAN | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/25/2009 8:19:56 PM | Computer Name = RYAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 4/25/2009 8:19:56 PM | Computer Name = RYAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/25/2009 8:19:56 PM | Computer Name = RYAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/25/2009 8:19:56 PM | Computer Name = RYAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/25/2009 8:20:08 PM | Computer Name = RYAN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/25/2009 8:20:08 PM | Computer Name = RYAN | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 4/25/2009 8:20:08 PM | Computer Name = RYAN | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058


< End of report >


I can still get to the page I desire, but it takes a few times of going back and then re-clicking the site. It gets very annoying needless to say. I would appreciate any and all help you can give me!

Thanks in advance,

Ryan


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
let me do my thing :)

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
silvertbss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
That did the trick! Thanks for your help, I appreciate it.

Here is the log:

ComboFix 09-04-25.A3 - Owner 04/25/2009 18:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.764 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\TBONAS
c:\program files\TBONAS\bestoffers_icon_01.ico
c:\program files\TBONAS\grb12.rtk
c:\windows\system32\drivers\gxvxcovhosrqppxivbfxmafqjwqbikaqsrpdm.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcyyfxumkmrvkpdqvmyhwlelemrdnbmqee.dll
c:\windows\system32\iAlmcoin.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-25 23:13 . 2009-04-25 23:13 -------- d-----w c:\program files\ERUNT
2009-04-23 05:14 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-23 05:14 . 2009-04-23 05:14 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-23 05:14 . 2009-04-23 05:14 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-23 04:07 . 2009-04-23 04:07 -------- d-----w c:\program files\Trend Micro
2009-04-23 01:06 . 2009-04-23 01:06 -------- d-----w c:\windows\system32\scripting
2009-04-23 01:06 . 2009-04-23 01:06 -------- d-----w c:\windows\l2schemas
2009-04-23 01:06 . 2009-04-23 01:06 -------- d-----w c:\windows\system32\en
2009-04-23 00:27 . 2009-04-23 00:27 -------- d-----r c:\program files\Norton Support
2009-04-23 00:26 . 2009-04-23 00:26 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Symantec
2009-04-23 00:15 . 2009-04-23 00:15 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-04-23 00:15 . 2009-04-23 00:16 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-23 00:15 . 2009-04-23 00:15 -------- d-----w c:\program files\Symantec
2009-04-23 00:15 . 2009-04-23 00:15 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-23 00:15 . 2009-04-23 00:15 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-23 00:15 . 2009-04-23 00:15 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-23 00:15 . 2009-04-23 00:15 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-23 00:14 . 2009-04-23 00:14 -------- d-----w c:\windows\system32\drivers\NAV
2009-04-23 00:14 . 2009-04-25 22:58 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-23 00:14 . 2009-04-23 00:14 -------- d-----w c:\program files\Norton AntiVirus
2009-04-23 00:14 . 2009-04-23 00:14 -------- d-----w c:\program files\Windows Sidebar
2009-04-23 00:09 . 2009-04-23 00:09 -------- d-----w c:\documents and settings\All Users\Application Data\PCSettings
2009-04-23 00:09 . 2009-04-23 00:16 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-23 00:07 . 2009-04-23 00:14 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-23 00:07 . 2009-04-23 00:07 -------- d-----w c:\program files\NortonInstaller
2009-04-22 23:54 . 2009-04-23 00:12 -------- d-----w c:\documents and settings\Owner\Application Data\GetRightToGo
2009-04-12 18:45 . 2009-04-12 18:46 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 19:21 . 2009-04-11 19:21 -------- d-----w c:\program files\Xvid
2009-04-11 19:21 . 2008-12-14 03:01 77824 ----a-w c:\windows\system32\xvid.ax
2009-04-11 19:21 . 2008-12-05 04:46 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-04-11 19:21 . 2008-12-05 04:42 815104 ----a-w c:\windows\system32\xvidcore.dll
2009-04-07 20:37 . 2009-04-21 23:34 -------- d-----w c:\documents and settings\Owner\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 00:23 . 2009-04-26 00:23 3478 ----a-w C:\Rooter.txt
2009-04-23 05:14 . 2004-04-05 04:20 -------- d-----w c:\program files\Lavasoft
2009-04-23 01:09 . 2003-10-11 02:31 80795 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-23 01:08 . 2009-04-23 01:08 36864 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\gnu.dll
2009-04-23 01:08 . 2009-04-23 01:08 45056 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\util.dll
2009-04-23 01:08 . 2009-04-23 01:08 32768 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchapi.dll
2009-04-23 01:08 . 2009-04-23 01:08 3072 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\pchealthde.exe
2009-04-23 01:08 . 2009-04-23 01:08 98304 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\PluginCtrl.dll
2009-04-23 01:08 . 2009-04-23 01:08 114688 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\ZipLib.dll
2009-04-23 01:08 . 2009-04-23 01:08 77824 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\WinVerifyTrust.dll
2009-04-23 01:08 . 2009-04-23 01:08 282624 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\clientutil52.dll
2009-04-23 01:08 . 2009-04-23 01:08 356352 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\jsharpde\client_motkt.dll
2009-04-23 01:08 . 2009-04-23 01:08 4096 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABP4EN\plugin\bin\winverifytrustwrapper.dll
2009-04-23 01:02 . 2003-10-11 02:22 250048 --sha-r C:\ntldr
2009-04-20 07:01 . 2007-07-24 03:37 -------- d-----w c:\documents and settings\Owner\Application Data\Azureus
2009-04-12 18:46 . 2007-08-08 04:04 -------- d-----w c:\program files\iTunes
2009-04-12 18:45 . 2005-10-02 03:26 -------- d-----w c:\program files\iPod
2009-04-12 18:45 . 2007-07-04 00:01 -------- d-----w c:\program files\Common Files\Apple
2009-03-25 00:26 . 2009-03-25 00:25 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 00:24 . 2008-07-12 02:32 -------- d-----w c:\program files\Bonjour
2009-03-25 00:24 . 2008-02-07 05:34 -------- d-----w c:\program files\QuickTime
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 06:59 . 2009-03-25 00:22 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2008-07-20 02:19 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-10-04 17:59 . 2004-06-22 20:13 42416 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-13 21:26 . 2007-10-13 21:26 180096 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2003-10-11 05:31 . 2009-04-23 05:16 128 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2003-10-11 05:31 . 2003-10-11 05:31 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2005-02-06 22:05 . 2005-02-06 22:05 220 --sh--w c:\windows\dwin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-02 196608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-15 40960]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-10 16384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\enemy territory quake wars demo\\etqw.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\achtung454\\codename gordon\\cg.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\achtung454\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 mrtRate;mrtRate; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-04-23 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [2009-04-23 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\ccHPx86.sys [2009-04-23 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSxpx86.sys [2009-04-23 276344]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-04-23 115560]
S2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2003-03-05 15840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-23 101936]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20211ec4-82b3-11dd-8484-000ea6338442}]
\Shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e349d5ba-d137-11dd-84ca-000ea6338442}]
\Shell\AutoRun\command - L:\ImageViewer4.exe -COPYFILE
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2008-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 19:34]

2008-10-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-04 01:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
HKCU-Run-RecordNow! - (no file)
HKLM-Run-VTTimer - VTTimer.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
mStart Page = hxxp://us10.hpwis.com/
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 18:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1036)
c:\windows\system32\SpSubLSP.dll
.
Completion time: 2009-04-26 18:44
ComboFix-quarantined-files.txt 2009-04-26 01:43

Pre-Run: 63,734,730,752 bytes free
Post-Run: 63,724,052,480 bytes free

200 --- E O F --- 2009-04-23 01:12

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20211ec4-82b3-11dd-8484-000ea6338442}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e349d5ba-d137-11dd-84ca-000ea6338442}]
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0
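The three keys deleted in the :Reg section of the OTMoveIt3 script in post #4 are the mountpoints2 AutoRun entries listed in the ComboFix log in post #3. As an added example (not part of the thread and not code from either tool), this Python script parses those log lines and rebuilds the deletion lines; the function names are hypothetical and the embedded excerpt is copied from the log in post #3, with the Run key trimmed to one value.

```python
import re

# Excerpt copied from the ComboFix log in post #3 (Run key trimmed to one value).
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20211ec4-82b3-11dd-8484-000ea6338442}]
\Shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e349d5ba-d137-11dd-84ca-000ea6338442}]
\Shell\AutoRun\command - L:\ImageViewer4.exe -COPYFILE
.
Contents of the 'Scheduled Tasks' folder
"""

# A bracketed key line whose last path component sits directly under mountpoints2.
KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_[^\]]+\\mountpoints2\\(?P<mount>[^\\\]]+))\]$", re.IGNORECASE
)
# The AutoRun command line as ComboFix prints it under such a key.
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:")


def parse_autorun_entries(log_text):
    """Return one dict per mountpoints2 key that carries an AutoRun command."""
    entries = []
    current = None  # the mountpoints2 key we are inside, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.groupdict() if m else None  # other keys (Run, SafeBoot) reset state
            continue
        m = CMD_RE.match(line)
        if m and current:
            cmd = m.group("cmd").strip()
            mount = current["mount"]
            entries.append({
                "key": current["key"],
                "mount": mount,
                "mount_kind": "volume-guid" if GUID_RE.match(mount) else "drive-letter",
                "command": cmd,
                "target_drive": cmd[:2].upper() if DRIVE_RE.match(cmd) else None,
            })
            current = None
        elif line:
            # Any other non-blank line ends the key block, so a stray command
            # line further down is never attached to the wrong key.
            current = None
    return entries


def otmoveit_reg_block(entries):
    """Build the :Reg section with one [-key] deletion line per distinct key."""
    lines = [":Reg"]
    seen = set()
    for entry in entries:
        folded = entry["key"].lower()  # registry paths are case-insensitive
        if folded not in seen:
            seen.add(folded)
            lines.append("[-%s]" % entry["key"])
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_autorun_entries(COMBOFIX_EXCERPT)
    for e in found:
        print("%-12s %-40s -> %s" % (e["mount_kind"], e["mount"], e["command"]))
    print()
    print(otmoveit_reg_block(found))
```
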

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.