Google Redirect Virus Help Needed [Solved]


  • This topic is locked

#1
rstott24

  • Member
  • 11 posts
Hi, thanks in advance for helping me out.

I don't know what help has already been given for others, but I could use some assistance. Any help will be GREATLY appreciated!

My computer is being really slow right now... also, when I go into Google, the links I click direct me to ads and unrelated sites... only after clicking two or three times do I get to the original site intended. Here's the HijackThis log:

I don't really have much idea of what should be there and what shouldn't.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:57, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Trisnap Technologies\SSI\SysEnforce.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.icampus.ilstu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061117
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1418FF90-32D0-4024-B3F6-971BA5ED30F1} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: zydgdfnt - xlzybip.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\RAMOST~1\LOCALS~1\Temp\PFT10B~1\INSTAL~1.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Trisnap Technologies\SSI\SysEnforce.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10397 bytes


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
rstott24

  • Topic Starter
  • Member
  • 11 posts
I am unable to install ComboFix. I get it downloaded, double click on it, a little download bar pops up, and that's it. Sometimes it will open a window that talks about people scamming you for money at combofix.org etc., but I can't get it to open. Is there something I am missing?

#4
rstott24

  • Topic Starter
  • Member
  • 11 posts
Also, I tried it again and it gave me a long list of "cannot find 'such and such file'".

For example:

"Windows cannot find ‘32788R22FWJFW\ieexplore.exe’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Rename ComboFix to svchost.com

Does it run then?

If not, do this:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#6
rstott24

  • Topic Starter
  • Member
  • 11 posts
OTL logfile created on: 11/20/2009 1:11:35 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Ramo Stott\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 265.98 Mb Available Physical Memory | 26.02% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.25% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 19.16 Gb Free Space | 28.24% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RFSTOTT
Current User Name: Ramo Stott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/20 13:10:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramo Stott\Desktop\OTL.exe
PRC - [2009/11/02 21:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/16 12:20:16 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/07/16 12:20:16 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/06/30 10:37:20 | 02,893,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2009/06/02 07:59:46 | 05,451,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/05/08 09:35:50 | 02,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 09:34:08 | 00,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 15:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/05 02:15:27 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/18 09:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2008/06/06 09:19:42 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2008/05/12 11:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/10/16 19:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2007/10/16 19:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/10/16 19:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/11 18:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 08:41:38 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/04/30 07:19:54 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2007/04/03 15:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/12/19 14:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/12/19 10:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 10:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 10:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/05/23 13:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/05/23 13:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/01/13 12:26:00 | 00,057,344 | ---- | M] () -- C:\Program Files\Trisnap Technologies\SSI\SysEnforce.exe
PRC - [2005/12/19 08:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2005/12/19 08:08:40 | 01,200,128 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2004/03/04 09:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/03/04 09:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/20 13:10:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramo Stott\Desktop\OTL.exe
MOD - [2008/04/14 04:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 18:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Viewpoint Manager Service)
SRV - File not found -- -- (CiscoVpnInstallService)
SRV - [2009/04/30 15:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/05 02:15:27 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/18 09:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/06/06 09:19:42 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/05/23 21:03:49 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/05/12 11:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/13 18:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 18:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\6to4svc.dll -- (6to4)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/16 19:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2007/10/16 19:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/05/25 08:41:54 | 00,099,248 | ---- | M] () -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 08:41:38 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/04/03 15:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/12/19 10:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/05/23 13:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/01/13 12:26:00 | 00,057,344 | ---- | M] () -- C:\Program Files\Trisnap Technologies\SSI\SysEnforce.exe -- (SysEnforce)
SRV - [2005/12/19 08:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/05/03 22:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)
SRV - [2005/05/03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2005/04/20 11:32:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/04 09:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061117
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061117

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.icampus.ilstu.edu/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.icampus.ilstu.edu/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/11/11 10:58:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/05 02:15:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 02:01:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.78.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/19 12:09:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/19 12:09:30 | 00,000,000 | ---D | M]

[2008/09/05 22:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Mozilla\Extensions
[2008/09/05 22:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/19 21:25:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Mozilla\Firefox\Profiles\0lh3z0ch.default\extensions
[2009/09/03 22:31:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Mozilla\Firefox\Profiles\0lh3z0ch.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/30 13:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Mozilla\Firefox\Profiles\0lh3z0ch.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/11/18 18:48:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Mozilla\Firefox\Profiles\0lh3z0ch.default\extensions\activegs@freetoolsassociation(2).com
[2008/11/17 07:58:31 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Ramo Stott\Application Data\Mozilla\Firefox\Profiles\0lh3z0ch.default\searchplugins\aim-search.xml
[2009/11/19 12:15:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 12:09:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/08 21:54:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/08/01 18:26:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/05 02:15:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/11/02 21:23:26 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/02 21:23:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/05 17:08:04 | 00,049,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/09/15 13:25:26 | 00,070,448 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
[2009/04/05 02:15:28 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/12/18 19:58:04 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/09/26 10:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/11/02 21:23:28 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/12/18 03:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/11/04 11:37:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/11/04 11:37:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/11/04 11:37:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/11/04 11:37:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/11/04 11:37:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/11/04 11:37:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/11/04 11:37:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/11/02 19:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/02 19:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/02 19:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/02 19:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/02 19:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/02 19:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/02 19:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305826 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10530 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {1418FF90-32D0-4024-B3F6-971BA5ED30F1} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 54 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 138.87.128.1 138.87.132.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\zydgdfnt: DllName - xlzybip.dll - File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/01 10:23:41 | 00,000,148 | R--- | M] () - D:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007/07/03 20:32:31 | 00,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007/07/03 20:32:31 | 00,634,880 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/07/03 20:23:42 | 00,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{9e5aab67-8ff0-11dc-8d1e-0015c5c21742}\Shell - "" = AutoRun
O33 - MountPoints2\{9e5aab67-8ff0-11dc-8d1e-0015c5c21742}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e5aab67-8ff0-11dc-8d1e-0015c5c21742}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - C:\WINDOWS\system32\6to4svc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/03 17:54:10 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Visual Basic Scripting Support
ActiveX: {5820512A-4E02-4D71-96AA-3EAD1F9EFE92} - Yahoo! Tracking for IE7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {9F9F36A4-6680-4104-B9F1-883262F2282D} - Yahoo! Toolbar for Internet Explorer
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {F4B2380F-9F83-482B-B51F-FD18C7EDD923} - Installation Helper
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/20 13:10:13 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ramo Stott\Desktop\OTL.exe
[2009/11/20 00:23:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Ramo Stott\Recent
[2009/11/19 18:02:26 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/19 17:54:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ramo Stott\Local Settings\Application Data\PCHealth
[2009/11/19 17:44:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/19 16:55:04 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/19 16:17:49 | 00,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2009/11/19 16:13:28 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/11/19 16:09:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/18 14:16:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/11/12 15:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ramo Stott\Application Data\CE
[2009/11/12 13:07:50 | 00,000,000 | ---D | C] -- C:\Program Files\CE
[2009/11/06 23:44:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HotbarSA
[2009/11/06 23:43:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ramo Stott\Application Data\Hotbar
[2009/07/11 15:51:42 | 00,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/07/11 15:51:42 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/07/11 15:51:42 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/07/11 15:51:42 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/07/11 15:51:41 | 01,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/07/11 15:51:41 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/07/11 15:51:41 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/07/11 15:51:41 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/07/11 15:51:41 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/07/11 15:51:39 | 00,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/07/11 15:51:37 | 00,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2009/07/11 15:51:36 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1308 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/20 13:10:19 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramo Stott\Desktop\OTL.exe
[2009/11/20 01:09:51 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\Ramo Stott\Desktop\Microsoft Office Word 2007.lnk
[2009/11/20 00:56:36 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Ramo Stott\ntuser.dat
[2009/11/20 00:43:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/20 00:43:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/20 00:43:41 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/19 18:30:16 | 00,000,639 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/11/19 18:10:21 | 00,011,026 | ---- | M] () -- C:\Documents and Settings\Ramo Stott\My Documents\Browsers 11-19-09.docx
[2009/11/19 17:57:12 | 03,568,341 | ---- | M] () -- C:\Documents and Settings\Ramo Stott\Desktop\Combo-Fix.exe
[2009/11/19 17:09:09 | 00,000,057 | ---- | M] () -- C:\UPDATE_{A14CD6FC-3BA8-4703-87BF-E3247CE382F5}.ini
[2009/11/19 16:37:43 | 00,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/19 16:09:29 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Ramo Stott\Desktop\HijackThis.lnk
[2009/11/19 12:36:41 | 00,556,848 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/19 12:36:41 | 00,465,202 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/19 12:36:41 | 00,081,570 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/19 12:09:36 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/19 12:07:23 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Ramo Stott\My Documents\~$owsers 11-19-09.docx
[2009/11/19 10:50:13 | 00,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/19 10:48:54 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Ramo Stott\ntuser.ini
[2009/11/19 10:48:47 | 11,226,230 | -H-- | M] () -- C:\Documents and Settings\Ramo Stott\Local Settings\Application Data\IconCache.db
[2009/11/18 23:32:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/17 19:41:08 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/17 19:41:08 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/17 02:55:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/11/17 02:55:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/11/17 02:05:06 | 00,375,609 | ---- | M] () -- C:\Documents and Settings\Ramo Stott\My Documents\Video call snapshot 87.png
[2009/11/16 04:00:00 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/11/15 01:57:01 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2009/11/14 22:00:46 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/07 02:48:41 | 00,305,826 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/06 23:44:38 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1308 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/19 17:56:57 | 03,568,341 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Desktop\Combo-Fix.exe
[2009/11/19 16:09:29 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Desktop\HijackThis.lnk
[2009/11/19 12:07:23 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Ramo Stott\My Documents\~$owsers 11-19-09.docx
[2009/11/19 12:07:22 | 00,011,026 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\My Documents\Browsers 11-19-09.docx
[2009/11/17 19:41:08 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/17 19:41:08 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/17 02:04:42 | 00,375,609 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\My Documents\Video call snapshot 87.png
[2009/11/12 13:07:53 | 00,214,224 | ---- | C] () -- C:\WINDOWS\System32\nmNsp(2).dll
[2009/11/07 06:53:54 | 07,864,320 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\ntuser.dat
[2009/08/08 01:04:07 | 00,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/07/11 15:54:57 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/07/11 15:54:53 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/07/11 15:53:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/07/11 15:53:52 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/07/11 15:53:52 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/07/11 15:52:58 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/07/11 15:51:42 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/07/11 15:51:38 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/05/08 09:13:04 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 15:00:12 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/04/16 23:13:41 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/07 15:49:18 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\hasher.dll
[2009/04/05 10:30:11 | 00,004,174 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Local Settings\Application Data\1418FF90-32D0-4024-B3F6-971BA5ED30F1.txt
[2008/11/26 13:52:48 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/30 22:04:56 | 00,090,668 | ---- | C] () -- C:\WINDOWS\System32\vobis32.dll
[2008/01/25 18:43:10 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\301F71A543.sys
[2008/01/25 18:43:09 | 00,002,984 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/21 12:18:11 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/12/14 12:56:35 | 00,000,194 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Application Data\wklnhst.dat
[2007/11/14 21:57:07 | 11,226,230 | -H-- | C] () -- C:\Documents and Settings\Ramo Stott\Local Settings\Application Data\IconCache.db
[2007/11/13 16:56:13 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2007/11/06 18:48:40 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/06 18:48:39 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Application Data\PnkBstrK.sys
[2007/11/04 19:32:37 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/13 19:12:33 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/08/14 19:41:47 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/08/13 14:29:08 | 00,000,639 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/08/05 13:56:35 | 00,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2007/08/05 13:56:35 | 00,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2007/08/05 13:53:04 | 00,000,196 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/13 10:43:00 | 00,000,181 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/06/19 08:59:36 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 07:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/03 15:18:26 | 00,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 15:18:06 | 00,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/12/26 10:57:57 | 00,059,904 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/26 10:07:49 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/24 14:17:51 | 00,073,960 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/12/24 13:46:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ramo Stott\Application Data\desktop.ini
[2006/12/24 13:45:59 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Ramo Stott\Local Settings\Application Data\fusioncache.dat
[2006/11/18 00:08:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/17 23:56:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/17 23:44:53 | 00,004,857 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/17 23:11:38 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/11/17 23:11:26 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/17 23:11:22 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/17 23:11:14 | 00,000,299 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 04:18:43 | 00,000,728 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 04:18:41 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/06/22 12:37:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 05:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/10 05:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/10 05:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit(3).dll
[2004/08/10 05:00:00 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit(2).dll
[2004/08/10 05:00:00 | 00,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2004/08/10 05:00:00 | 00,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2004/08/10 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(7).dll
[2004/08/10 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(6).dll
[2004/08/10 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(5).dll
[2004/08/10 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(4).dll
[2004/08/10 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(3).dll
[2004/08/10 05:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/10 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(7).dll
[2004/08/10 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(6).dll
[2004/08/10 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(5).dll
[2004/08/10 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(4).dll
[2004/08/10 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2004/08/10 05:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/09 22:11:42 | 00,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/10 13:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 13:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

========== LOP Check ==========

[2008/11/17 01:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/04/06 09:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/11/17 23:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2008/02/26 12:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/04/05 02:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2007/12/23 02:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2008/02/07 19:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2007/10/13 20:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/11/06 23:44:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotbarSA
[2008/01/25 19:21:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/11/25 01:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/03/28 14:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/11/18 14:16:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/01/16 00:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2007/10/03 13:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/01/06 15:45:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/03/29 13:53:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/06 16:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/04 18:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/12/26 02:10:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/28 14:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2008/01/21 12:20:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\acccore
[2006/11/17 23:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\ATI
[2009/01/15 03:02:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Big Fish Games
[2009/11/18 18:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\CE
[2008/03/19 17:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Corel
[2009/03/28 14:57:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\DriverCure
[2007/12/05 19:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\ForgottenRiddles
[2007/02/24 15:01:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\fretsonfire
[2009/03/28 00:51:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\funkitron
[2009/11/06 23:44:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Hotbar
[2009/08/13 12:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Hoyle Blackjack
[2009/08/21 13:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Hoyle Card Games
[2008/06/09 18:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Hoyle FaceCreator
[2009/01/25 14:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\IObit
[2007/12/04 14:52:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\iWin
[2008/04/13 19:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Jane s Hotel Family Hero
[2007/10/21 17:39:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Juniper Networks
[2007/08/14 19:28:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\K-Meleon
[2008/11/26 13:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Leadertech
[2007/12/08 20:12:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Legends of pirates
[2007/11/01 01:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Opera
[2008/11/25 01:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Otto
[2006/12/31 15:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\PlayFirst
[2008/01/21 12:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\QQ Games Plugin
[2008/02/03 09:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\SecondLife
[2007/09/03 16:18:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\SecuROM
[2008/10/19 23:58:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\SpinTop
[2007/12/14 12:56:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Template
[2009/03/28 20:43:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\The Creative Assembly
[2007/10/17 14:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Uniblue
[2008/11/26 19:13:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\Unity
[2009/04/08 04:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ramo Stott\Application Data\zswedwcr
[2004/08/10 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/15 01:57:01 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2009/11/20 00:43:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/16 04:00:00 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/02/19 21:21:11 | 13,942,676 | ---- | M] () -- C:\CradleOfRomeSetup.exe
[2006/12/26 23:36:59 | 23,510,720 | ---- | M] (Microsoft Corporation) -- C:\dotnetfx.exe
[2008/02/03 13:11:53 | 06,026,816 | ---- | M] (Mozilla) -- C:\Firefox Setup 2.0.0.11.exe
[2008/01/25 18:04:34 | 13,413,048 | ---- | M] () -- C:\Google_Earth_BZXD.exe
[2007/10/19 18:57:33 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\IE7-WindowsXP-x86-enu.exe
[2008/02/19 19:51:10 | 17,388,288 | ---- | M] () -- C:\InstallGutterball2.exe
[2008/01/21 12:15:35 | 13,905,056 | ---- | M] (AOL LLC.) -- C:\Install_AIM.exe
[2008/01/26 13:19:10 | 00,382,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u3-windows-i586-p-iftw.exe
[2007/11/01 01:23:19 | 04,921,080 | ---- | M] (Opera Software ASA ) -- C:\Opera_9.24_Eng_Setup.exe
[2008/02/03 08:49:46 | 35,567,445 | ---- | M] () -- C:\Second_Life_1-18-5-3_Setup.exe
[2008/01/24 20:14:36 | 03,233,040 | ---- | M] (Unity Technologies ApS) -- C:\UnityWebPlayer.exe
[2008/02/08 09:44:40 | 18,568,192 | ---- | M] (Microsoft Corporation) -- C:\yie7setup_tb7_news.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[41 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1308 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[41 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[1308 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[41 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[1308 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2006/05/11 10:30:52 | 00,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/10 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[41 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[1 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[41 C:\WINDOWS\$NtServicePackUninstall$\*.tmp files -> C:\WINDOWS\$NtServicePackUninstall$\*.tmp -> ]
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
[2006/03/16 18:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-19 10:31:36

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B72A7C
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A639C45
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B4630A5
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:405AC508
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82ED8454
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E3B85EF
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:540D5D33
< End of report >


OTL Extras logfile created on: 11/20/2009 1:11:35 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = C:\Documents and Settings\Ramo Stott\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 265.98 Mb Available Physical Memory | 26.02% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.25% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.83 Gb Total Space | 19.16 Gb Free Space | 28.24% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RFSTOTT
Current User Name: Ramo Stott
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"8081:TCP" = 8081:TCP:*:Enabled:RESNET-EPO-8081-TCP
"8082:TCP" = 8082:TCP:*:Enabled:RESNET-EPO-8082-TCP
"8444:TCP" = 8444:TCP:*:Enabled:RESNET-EPO-8444-TCP
"8081:UDP" = 8081:UDP:*:Enabled:RESNET-EPO-8081-UDP
"8082:UDP" = 8082:UDP:*:Enabled:RESNET-EPO-8082-UDP
"8444:UDP" = 8444:UDP:*:Enabled:RESNET-EPO-8444-UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\app4r.exe:*:Enabled:Printing Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Ramo Stott\Local Settings\Temp\7zS3A.tmp\SymNRT.exe" = C:\Documents and Settings\Ramo Stott\Local Settings\Temp\7zS3A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Documents and Settings\Ramo Stott\Local Settings\Temp\7zS3B.tmp\SymNRT.exe" = C:\Documents and Settings\Ramo Stott\Local Settings\Temp\7zS3B.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\EA SPORTS\MVP Baseball 2005\mvp2005.exe" = C:\Program Files\EA SPORTS\MVP Baseball 2005\mvp2005.exe:*:Enabled:mvp2005 -- ()
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:2500 Series Server -- ( )
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Device Monitor Application -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{130FA2D4-E5B3-4BA8-9C4A-70B615655319}" = Jing
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B6B3673-EF82-44B8-9600-D29D7EE0B85D}" = KMeleon
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47836B39-2465-4F39-9D7E-52F70A1C3D72}" = Axis & Allies
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5188D24B-9003-41B9-BC5D-7FEBA5C8F3AE}" = Dirt Track Racing 2
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57ABE5FC-9E26-49E0-00A3-CF45D750B1AB}" = MVP Baseball 2005
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{8C5766F2-81D9-4B5A-8AD5-A8BD6361EF0A}" = Hoyle Card Games
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{925FFD4D-DF53-4768-BF12-1061BB985D73}" = Windows AutoUpdate Utility (Mini)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B779207F-4F32-471B-8B52-A3A0F3C2ED02}" = McAfee ePolicy Orchestrator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D302D575-C0C8-4E33-9B7A-F8CF5A9B78FB}" = Map Network Drive Utility
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dirt Track Racing - Sprint Cars" = Dirt Track Racing - Sprint Cars
"Forgotten Riddles - The Mayan Princess" = Forgotten Riddles - The Mayan Princess
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"iLuminaPremiumStarter" = iLumina Gold Premium Starter
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark 510 Series" = Lexmark 510 Series
"LimeWire" = LimeWire 4.18.8
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NASCAR Racing 2002 Season" = NASCAR® Racing 2002 Season
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 7.0
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"Smart Defrag_is1" = Smart Defrag 1.10
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Spyware Interrogator" = System Spyware Interrogator
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2009 10:25:16 AM | Computer Name = RFSTOTT | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1628 (0x65c) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.2.123
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Ramo
Stott\Application Data\Opera\Opera\CoD4MWDemoSetup.exe by C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 11/18/2009 10:25:30 AM | Computer Name = RFSTOTT | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 10 seconds;

Error - 11/18/2009 4:16:34 PM | Computer Name = RFSTOTT | Source = Application Error | ID = 1000
Description = Faulting application nmsvc.exe, version 0.0.0.0, faulting module nmsvc.exe,
version 0.0.0.0, fault address 0x000ae3f8.

Error - 11/18/2009 8:18:39 PM | Computer Name = RFSTOTT | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 11/18/2009 8:53:23 PM | Computer Name = RFSTOTT | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 11/19/2009 12:50:58 PM | Computer Name = RFSTOTT | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

Error - 11/19/2009 7:34:46 PM | Computer Name = RFSTOTT | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6504.5000, P3
ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 11/19/2009 7:54:15 PM | Computer Name = RFSTOTT | Source = Microsoft Office 12 | ID = 5000
Description = EventType offdiag12, P1 1736fca2-48fb-4b9f-84f4-620784c8677043999e1e-3c44-447d-a8b9-78f225a98f97,
P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 11/19/2009 8:40:36 PM | Computer Name = RFSTOTT | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.6504.5000, P3
ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 11/20/2009 2:48:49 AM | Computer Name = RFSTOTT | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.

[ OSession Events ]
Error - 9/19/2007 10:17:26 AM | Computer Name = D5LK34C1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/19/2007 10:17:36 AM | Computer Name = D5LK34C1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/19/2007 10:17:50 AM | Computer Name = D5LK34C1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/1/2007 3:19:29 AM | Computer Name = D5LK34C1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13885
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 3/6/2009 2:40:24 AM | Computer Name = RFSTOTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 110925
seconds with 13200 seconds of active time. This session ended with a crash.

Error - 8/6/2009 10:21:56 PM | Computer Name = RFSTOTT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 136
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/20/2009 2:44:05 AM | Computer Name = RFSTOTT | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/20/2009 2:49:20 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7000
Description = The Cisco Systems, Inc. Installer service service failed to start
due to the following error: %%3

Error - 11/20/2009 2:49:20 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7003
Description = The Cisco Systems Inc. IPSec Driver service depends on the following
nonexistent service: DNE

Error - 11/20/2009 2:49:20 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Updater Service
service to connect.

Error - 11/20/2009 2:49:20 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 11/20/2009 2:49:20 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 11/20/2009 2:49:21 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7000
Description = The Microsoft USB 2.0 Enhanced Host Controller Miniport Controller
service failed to start due to the following error: %%1083

Error - 11/20/2009 2:49:21 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 11/20/2009 2:49:21 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7024
Description = The Media Center Extender Service service terminated with service-specific
error 2147500037 (0x80004005).

Error - 11/20/2009 2:50:22 AM | Computer Name = RFSTOTT | Source = Service Control Manager | ID = 7003
Description = The Cisco Systems Inc. IPSec Driver service depends on the following
nonexistent service: DNE


< End of report >

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hi


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\zydgdfnt: DllName - xlzybip.dll - File not found
    O32 - AutoRun File - [2007/05/01 10:23:41 | 00,000,148 | R--- | M] () - D:\AUTORUN.inf -- [ UDF ]
    O32 - AutoRun File - [2007/07/03 20:32:31 | 00,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
    O32 - AutoRun File - [2007/07/03 20:32:31 | 00,634,880 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
    O32 - AutoRun File - [2007/07/03 20:23:42 | 00,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O33 - MountPoints2\{9e5aab67-8ff0-11dc-8d1e-0015c5c21742}\Shell - "" = AutoRun
    O33 - MountPoints2\{9e5aab67-8ff0-11dc-8d1e-0015c5c21742}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9e5aab67-8ff0-11dc-8d1e-0015c5c21742}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

    Files to move:
    C:\WINDOWS\system32\dllcache\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply

#8
rstott24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\dllcache\atapi.sys" not found!
File move operation "C:\WINDOWS\system32\dllcache\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Re-download ComboFix and try to run it again.

#10
rstott24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ComboFix 09-11-20.05 - Ramo Stott 11/21/2009 11:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.270 [GMT -6:00]
Running from: c:\documents and settings\Ramo Stott\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ramo Stott\Application Data\Hotbar
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\history
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\Weather_XML\Default
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\Weather_XML\Genera1
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\Weather_XML\General
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\Links
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\radar-big.jpg
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\radar-small
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\satellite-big.jpg
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\satellite-small
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences
c:\documents and settings\Ramo Stott\Application Data\Hotbar\Weather\WeatherStartup.xml
c:\program files\SelectRebates
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\windows\kb913800.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\_004866_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004868_.tmp.dll
c:\windows\system32\_004869_.tmp.dll
c:\windows\system32\_004876_.tmp.dll
c:\windows\system32\_004877_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004880_.tmp.dll
c:\windows\system32\_004881_.tmp.dll
c:\windows\system32\_004882_.tmp.dll
c:\windows\system32\_004883_.tmp.dll
c:\windows\system32\_004884_.tmp.dll
c:\windows\system32\_004885_.tmp.dll
c:\windows\system32\_004886_.tmp.dll
c:\windows\system32\_004887_.tmp.dll
c:\windows\system32\_004888_.tmp.dll
c:\windows\system32\_004889_.tmp.dll
c:\windows\system32\_004890_.tmp.dll
c:\windows\system32\_004891_.tmp.dll
c:\windows\system32\_004894_.tmp.dll
c:\windows\system32\_004895_.tmp.dll
c:\windows\system32\_004896_.tmp.dll
c:\windows\system32\_004899_.tmp.dll
c:\windows\system32\_004900_.tmp.dll
c:\windows\system32\_004902_.tmp.dll
c:\windows\system32\_004904_.tmp.dll
c:\windows\system32\_004905_.tmp.dll
c:\windows\system32\_004906_.tmp.dll
c:\windows\system32\_004907_.tmp.dll
c:\windows\system32\_004908_.tmp.dll
c:\windows\system32\_004909_.tmp.dll
c:\windows\system32\_004910_.tmp.dll
c:\windows\system32\_004912_.tmp.dll
c:\windows\system32\_004913_.tmp.dll
c:\windows\system32\_004914_.tmp.dll
c:\windows\system32\_004915_.tmp.dll
c:\windows\system32\_004916_.tmp.dll
c:\windows\system32\_004917_.tmp.dll
c:\windows\system32\_004918_.tmp.dll
c:\windows\system32\_004921_.tmp.dll
c:\windows\system32\_004922_.tmp.dll
c:\windows\system32\_004923_.tmp.dll
c:\windows\system32\_004924_.tmp.dll
c:\windows\system32\_004925_.tmp.dll
c:\windows\system32\_004927_.tmp.dll
c:\windows\system32\_004928_.tmp.dll
c:\windows\system32\_004929_.tmp.dll
c:\windows\system32\_004931_.tmp.dll
c:\windows\system32\_004934_.tmp.dll
c:\windows\system32\_004935_.tmp.dll
c:\windows\system32\_004936_.tmp.dll
c:\windows\system32\_004939_.tmp.dll
c:\windows\system32\_004940_.tmp.dll
c:\windows\system32\_004942_.tmp.dll
c:\windows\system32\_004945_.tmp.dll
c:\windows\system32\_004947_.tmp.dll
c:\windows\system32\_004949_.tmp.dll
c:\windows\system32\_004950_.tmp.dll
c:\windows\system32\_004953_.tmp.dll
c:\windows\system32\_004954_.tmp.dll
c:\windows\system32\_004955_.tmp.dll
c:\windows\system32\_004956_.tmp.dll
c:\windows\system32\_004957_.tmp.dll
c:\windows\system32\_004962_.tmp.dll
c:\windows\system32\_004964_.tmp.dll
c:\windows\system32\_004965_.tmp.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 07:18 . 2009-11-21 07:18 -------- d-----w- C:\_OTL
2009-11-19 23:54 . 2009-11-19 23:54 -------- d-----w- c:\documents and settings\Ramo Stott\Local Settings\Application Data\PCHealth
2009-11-19 22:13 . 2009-11-19 22:13 -------- d-----w- C:\!KillBox
2009-11-19 22:09 . 2009-11-19 22:09 -------- d-----w- c:\program files\Trend Micro
2009-11-19 00:50 . 2009-11-19 00:50 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-18 20:16 . 2009-11-18 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-11-17 09:01 . 2009-11-17 09:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-12 21:00 . 2009-11-19 00:47 -------- d-----w- c:\documents and settings\Ramo Stott\Application Data\CE
2009-11-12 19:07 . 2009-09-16 16:53 214224 ----a-w- c:\windows\system32\nmNsp(2).dll
2009-11-12 19:07 . 2009-11-19 00:48 -------- d-----w- c:\program files\CE
2009-11-07 05:44 . 2009-11-07 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HotbarSA
2009-11-04 09:29 . 2009-09-04 23:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-04 09:29 . 2009-09-04 23:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-04 09:29 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-04 09:29 . 2009-09-04 23:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-04 09:29 . 2009-09-04 23:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-04 09:29 . 2009-09-04 23:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-04 09:29 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-04 09:29 . 2009-03-09 21:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-11-04 09:29 . 2009-03-09 21:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-11-04 09:29 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-11-04 09:28 . 2009-09-04 23:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-11-04 09:28 . 2009-03-16 20:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-11-04 09:28 . 2009-03-16 20:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-11-04 09:28 . 2009-03-16 20:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-11-04 09:23 . 2009-11-04 09:33 -------- d-----w- c:\program files\Microsoft DirectX SDK (August 2009)
2009-11-04 09:22 . 2009-11-04 09:22 93512 ----a-w- c:\windows\dxsdkuninst.exe
2009-10-27 08:59 . 2009-11-12 19:26 331064 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-27 05:51 . 2009-10-27 05:51 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-27 05:50 . 2009-10-27 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-27 05:42 . 2009-10-27 05:42 -------- d-----w- c:\documents and settings\Ramo Stott\Local Settings\Application Data\TechSmith
2009-10-27 05:41 . 2009-10-27 05:41 -------- d-----w- c:\program files\TechSmith
2009-10-24 08:17 . 2009-10-24 08:17 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 17:32 . 2009-08-02 23:34 -------- d-----w- c:\documents and settings\Ramo Stott\Application Data\Skype
2009-11-21 16:05 . 2009-08-02 23:35 -------- d-----w- c:\documents and settings\Ramo Stott\Application Data\skypePM
2009-11-20 06:24 . 2009-04-29 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-20 05:42 . 2007-08-15 01:23 -------- d-----w- c:\program files\ResNet
2009-11-19 23:49 . 2007-07-12 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-19 18:18 . 2009-09-20 18:44 -------- d-----w- c:\documents and settings\Ramo Stott\Application Data\Move Networks
2009-11-17 08:55 . 2009-08-10 05:04 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-17 08:55 . 2009-08-08 07:03 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-15 04:00 . 2006-12-26 17:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-12 19:07 . 2006-11-18 05:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 18:11 . 2006-12-24 20:17 73960 -c--a-w- c:\documents and settings\Ramo Stott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 08:07 . 2006-11-18 05:52 -------- d-----w- c:\program files\Microsoft Works
2009-10-27 05:40 . 2007-12-26 02:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-01 22:11 . 2009-10-01 22:11 -------- d-----w- c:\program files\Dell 720
2009-09-11 14:18 . 2009-04-10 00:08 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:15 . 2009-09-10 19:15 49152 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\NewShortcut6_81A349029D0B4920A25C4CDC5D14B328.exe
2009-09-10 19:15 . 2009-09-10 19:15 14278 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\PaintShopPro8_TryAndBuy.exe
2009-09-10 19:15 . 2009-09-10 19:15 14278 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\ARPPRODUCTICON.exe
2009-09-10 19:15 . 2007-08-13 20:31 57344 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2009-09-10 19:15 . 2007-08-13 20:31 57344 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2009-09-10 19:13 . 2009-09-10 19:13 57344 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2009-09-10 19:13 . 2009-09-10 19:13 57344 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2009-09-10 19:13 . 2009-09-10 19:13 4598 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\NewShortcut2.exe
2009-09-10 19:13 . 2009-09-10 19:13 4598 ----a-r- c:\documents and settings\Ramo Stott\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\ARPPRODUCTICON.exe
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 18:06 . 2008-11-26 19:52 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2009-08-29 08:08 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2007-11-13 22:56 . 2007-11-13 22:56 251 -c--a-w- c:\program files\wt3d.ini
2009-03-05 23:08 . 2009-04-06 16:06 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-03-19 19:12 . 2008-01-26 00:43 88 -csha-r- c:\windows\system32\301F71A543.sys
2008-03-19 19:12 . 2008-01-26 00:43 2984 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2009-06-30 2893064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-17 111952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8081:TCP"= 8081:TCP:RESNET-EPO-8081-TCP
"8082:TCP"= 8082:TCP:RESNET-EPO-8082-TCP
"8444:TCP"= 8444:TCP:RESNET-EPO-8444-TCP
"8081:UDP"= 8081:UDP:RESNET-EPO-8081-UDP
"8082:UDP"= 8082:UDP:RESNET-EPO-8082-UDP
"8444:UDP"= 8444:UDP:RESNET-EPO-8444-UDP

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [7/11/2009 3:54 PM 99248]
S2 udtqtdoc;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\System32\svchost.exe -k netsvcs [8/10/2004 5:00 AM 14336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 lac97inf;lac97inf;\??\c:\docume~1\RAMOST~1\LOCALS~1\Temp\lac97inf.sys --> c:\docume~1\RAMOST~1\LOCALS~1\Temp\lac97inf.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2009-11-16 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-09-18 19:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.icampus.ilstu.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ramo Stott\Application Data\Mozilla\Firefox\Profiles\0lh3z0ch.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.icampus.ilstu.edu/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{1418FF90-32D0-4024-B3F6-971BA5ED30F1} - (no file)
AddRemove-Forgotten Riddles - The Mayan Princess - E:\UNWISE.EXE
AddRemove-LimeWire - e:\limewire\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 11:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3867970769-1844986210-2103426209-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3867970769-1844986210-2103426209-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,92,8b,fd,0d,a0,ae,8c,0a,52,be,76,15,73,68,79,f2,60,5f,1e,ad,b3,60,
06,bd,14,81,c0,f0,83,8f,80,a8,bd,57,42,68,32,fa,8b,3b,60,6f,87,05,ae,ee,38,\
"??"=hex:23,ab,eb,57,7f,f2,45,f8,cf,ab,64,fe,d1,a8,9e,f9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\McAfee\VirusScan Enterprise\scriptcl.dll
c:\windows\system32\JScript.dll
c:\windows\system32\VBScript.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-21 11:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 17:37

Pre-Run: 20,888,887,296 bytes free
Post-Run: 20,668,755,968 bytes free

- - End Of File - - F6EC98A6E716FF9CFA237D6FDA2024FF

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    lac97inf
    :Reg
    
    :Files
    c:\documents and settings\All Users\Application Data\HotbarSA
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#12
rstott24

    Member

  • Topic Starter
  • 11 posts
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service lac97inf stopped successfully!
Service lac97inf deleted successfully!
========== REGISTRY ==========
========== FILES ==========
c:\documents and settings\All Users\Application Data\HotbarSA folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ramo Stott
->Temp folder emptied: 2050062 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 6802 bytes
->FireFox cache emptied: 67773603 bytes
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 66.72 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11222009_025151

Files moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.41
Database version: 3213
Windows 5.1.2600 Service Pack 3

11/22/2009 4:48:24 PM
mbam-log-2009-11-22 (16-48-24).txt

Scan type: Quick Scan
Objects scanned: 130145
Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Ramo Stott\My Documents\downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 22, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 22, 2009 23:15:46
Records in database: 3278335
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 111800
Threats found: 1
Infected objects found: 113
Suspicious objects found: 0
Scan duration: 04:07:57


File name / Threat / Threats count
C:\WINDOWS\system32\spool\prtprocs\w32x86\74D.tmp Infected: Packed.Win32.TDSS.z 1

Selected area has been scanned.

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
kaspersky too

#14
rstott24

    Member

  • Topic Starter
  • 11 posts
Kaspersky is the entire last part. Here it is again:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 22, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 22, 2009 23:15:46
Records in database: 3278335
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 111800
Threats found: 1
Infected objects found: 113
Suspicious objects found: 0
Scan duration: 04:07:57


File name / Threat / Threats count
C:\WINDOWS\system32\spool\prtprocs\w32x86\74D.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B1.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B2.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B3.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B4.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B5.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B6.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B7.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B8.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7B9.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7BA.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7BB.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7BC.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7BD.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7BE.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7BF.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C0.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C1.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C2.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C3.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C4.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C5.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C6.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C7.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C8.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7C9.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7CA.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7CB.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7CC.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7CD.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7CE.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7CF.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7D0.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7D1.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7DD.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7DE.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7E4.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7E5.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7E6.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7E7.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7E8.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7E9.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7EA.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7EB.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7EC.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7ED.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7EE.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7EF.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F0.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F1.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F2.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F3.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F4.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F5.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F6.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F7.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F8.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7F9.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\7FA.tmp Infected: Packed.Win32.TDSS.z 1

Selected area has been scanned.

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\spool\prtprocs\w32x86\*.tmp
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
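
The fix above deletes by wildcard rather than by the individual files the scanner named, so it is worth checking that the two sets agree before running it. The following is an added example, not part of the original post and not OTL's own code: it parses scanner lines in the format shown in the log and compares them with a directory listing and the wildcard. The sample log lines, the directory listing and all function names are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Scanner line format as it appears in the log above:
#   <full path> Infected: <detection name> <number>
LINE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+\d+\s*$")

def parse_detections(log_text):
    """Return {PureWindowsPath: detection name} for every 'Infected:' line."""
    found = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            found[PureWindowsPath(m["path"])] = m["name"]
    return found

def wildcard_matches(path, pattern):
    """True if `path` is matched by a non-recursive Windows wildcard."""
    pat = PureWindowsPath(pattern)
    return (path.parent == pat.parent  # PureWindowsPath compares case-insensitively
            and fnmatchcase(path.name.lower(), pat.name.lower()))

def review_wildcard(detections, listing, pattern):
    """Compare what the wildcard would remove with what the scanner flagged."""
    listing = [PureWindowsPath(p) for p in listing]
    hit = {p for p in listing if wildcard_matches(p, pattern)}
    return {
        "unflagged_but_matched": sorted(str(p) for p in hit - detections.keys()),
        "flagged_but_missed": sorted(
            str(p) for p in detections if not wildcard_matches(p, pattern)),
    }

# Constructed sample data (not taken from the thread).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spool\prtprocs\w32x86\A01.tmp Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\A02.tmp Infected: Packed.Win32.TDSS.z 1
C:\Documents and Settings\user\Local Settings\Temp\x1.dll Infected: Packed.Win32.TDSS.z 1
Selected area has been scanned.
"""
SAMPLE_LISTING = [  # constructed directory listing
    r"C:\WINDOWS\system32\spool\prtprocs\w32x86\a01.tmp",
    r"C:\WINDOWS\system32\spool\prtprocs\w32x86\A02.tmp",
    r"C:\WINDOWS\system32\spool\prtprocs\w32x86\B77.tmp",
    r"C:\WINDOWS\system32\spool\prtprocs\w32x86\example.dll",
]
PATTERN = r"C:\WINDOWS\system32\spool\prtprocs\w32x86\*.tmp"
if __name__ == "__main__":
    print(review_wildcard(parse_detections(SAMPLE_LOG), SAMPLE_LISTING, PATTERN))
```

Files listed under `unflagged_but_matched` would be deleted without the scanner having flagged them, and files under `flagged_but_missed` need a separate entry in the fix.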
