Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Over My Head - Seeking Assistance with Trojan/RootKit/Other [Solved]

Started by wilsonrandy , Dec 12 2009 08:10 PM

  • This topic is locked This topic is locked

#31
wilsonrandy
Posted 16 December 2009 - 04:47 PM

wilsonrandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Ok, I got all the way to the last step, replaced atapi.sys, and on the final reboot, it blue screened my computer again. I am back to "last known good config" currently.

Here is the GMER, I don't see atapi.sys on the list anymore, hopefully that is a good sign?




GMER 1.0.15.15279 - http://www.gmer.net
Rootkit quick scan 2009-12-16 16:46:47
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\RANDYW~1\LOCALS~1\Temp\kwtoapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
  • 0

Advertisements

#32
hammerman
Posted 17 December 2009 - 12:29 AM

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Yes, that's a good sign. How's you computer running at the moment?

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box paste this in the following.

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#33
wilsonrandy
Posted 17 December 2009 - 03:01 PM

wilsonrandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Here is the latest scan...


OTL logfile created on: 12/17/2009 2:44:45 PM - Run 4
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Randy Wilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 85.78% Memory free
3.08 Gb Paging File | 2.46 Gb Available in Paging File | 79.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.29 Gb Total Space | 11.91 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D93323C1
Current User Name: Randy Wilson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Randy Wilson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\ITunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Maxtor\ManagerApp\OneTouch.exe (Maxtor Corporation)
PRC - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Maxtor\Utils\SyncServices.exe ( )
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Randy Wilson\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (MaxBackServiceInt) -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (NTService1) -- C:\Program Files\Maxtor\Utils\SyncServices.exe ( )
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de680400}:1.4.0.5
FF - prefs.js..extensions.enabledItems: {3C77E5D3-FD11-43B3-BD40-B3C8605EFF76}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2009/02/14 19:07:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3C77E5D3-FD11-43B3-BD40-B3C8605EFF76}: C:\Documents and Settings\Randy Wilson\Local Settings\Application Data\{3C77E5D3-FD11-43B3-BD40-B3C8605EFF76}\ [2009/12/06 17:15:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 14:42:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 14:42:47 | 00,000,000 | ---D | M]

[2009/01/10 08:08:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Mozilla\Extensions
[2009/12/16 19:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Mozilla\Firefox\Profiles\4wj2mmij.default\extensions
[2009/01/11 06:31:27 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Randy Wilson\Application Data\Mozilla\Firefox\Profiles\4wj2mmij.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/16 19:59:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/14 19:07:37 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2007/03/02 07:17:24 | 00,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2008/06/18 00:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/01/17 05:18:04 | 00,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007/07/02 09:42:20 | 00,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 9 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/30 10:50:53 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 11:52:56 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "clr_optimization_v2.0.50727_32"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "Fax"
MsConfig - Services: "RSVP"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "CinemaNow Service"
MsConfig - Services: "SSScsiSV"
MsConfig - Services: "LinksysUpdater"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^Randy Wilson^Start Menu^Programs^Startup^Axis & Allies Registration.lnk - C:\Documents and Settings\Randy Wilson\Local Settings\Temp\{22D048E9-8A2A-4DE6-AE5C-6B3FB89F4135}\{47836B39-2465-4F39-9D7E-52F70A1C3D72}\ATR1.EXE - File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: SmileboxTray - hkey= - key= - C:\Documents and Settings\Randy Wilson\Application Data\Smilebox\SmileboxTray.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PIM1 - pclepim1.dll File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/16 16:35:55 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/16 16:35:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2009/12/16 16:35:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2009/12/14 16:53:41 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/14 16:46:24 | 00,425,472 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Randy Wilson\Desktop\OTM.exe
[2009/12/14 03:02:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/12/13 19:04:32 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/12/13 12:51:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/13 07:58:10 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Randy Wilson\Desktop\OTL.exe
[2009/12/12 15:21:51 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Randy Wilson\Desktop\RootRepeal(2).exe
[2009/12/12 14:08:43 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Randy Wilson\Desktop\SysRestorePoint.exe
[2009/12/12 13:20:30 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Randy Wilson\Desktop\TFC.exe
[2009/12/12 11:45:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/12/09 17:30:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Randy Wilson\Application Data\PC
[2009/12/06 17:15:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Randy Wilson\Local Settings\Application Data\{3C77E5D3-FD11-43B3-BD40-B3C8605EFF76}
[2009/12/06 14:31:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Randy Wilson\My Documents\Panama Pics
[2009/07/22 02:00:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/18 17:57:25 | 00,262,144 | ---- | C] (ZoneAlarm) -- C:\Program Files\Uninstall Spy Blocker.dll
[2008/09/12 16:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/23 21:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/02 12:35:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/11/19 16:39:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/16 22:28:02 | 00,551,424 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\My Documents\VWars.xls
[2009/12/16 21:45:14 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0BC5FF3F-6819-4A6C-92AF-AE4D28C12C86}.job
[2009/12/16 17:22:25 | 00,002,035 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/16 16:46:01 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/16 16:46:01 | 00,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/16 16:46:01 | 00,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/16 16:42:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/16 16:41:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/16 16:41:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/16 16:37:26 | 06,553,600 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\NTUSER.DAT
[2009/12/16 16:37:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Randy Wilson\ntuser.ini
[2009/12/16 16:37:09 | 21,954,304 | -H-- | M] () -- C:\Documents and Settings\Randy Wilson\Local Settings\Application Data\IconCache.db
[2009/12/16 16:36:18 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009/12/14 16:46:30 | 00,425,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy Wilson\Desktop\OTM.exe
[2009/12/13 21:41:22 | 00,054,912 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Desktop\BootCheck.exe
[2009/12/13 19:02:52 | 00,731,136 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Desktop\avenger.exe
[2009/12/13 19:01:34 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Desktop\avenger.zip
[2009/12/13 13:06:43 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Desktop\SystemLook.exe
[2009/12/13 08:16:24 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Desktop\gmer.exe
[2009/12/13 07:58:11 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy Wilson\Desktop\OTL.exe
[2009/12/13 07:51:25 | 00,382,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/12 15:21:57 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Randy Wilson\Desktop\RootRepeal(2).exe
[2009/12/12 14:44:32 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Desktop\settings.dat
[2009/12/12 14:08:43 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Randy Wilson\Desktop\SysRestorePoint.exe
[2009/12/12 13:20:32 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy Wilson\Desktop\TFC.exe
[2009/12/12 12:29:24 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/11 21:15:58 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 21:07:35 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/12/10 21:42:45 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/10 19:53:44 | 00,120,444 | ---- | M] () -- C:\WINDOWS\System32\$winnt$r.sys
[2009/12/09 23:31:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/06 15:25:36 | 00,000,442 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Application Data\wklnhst.dat
[2009/12/06 14:29:25 | 00,000,054 | ---- | M] () -- C:\WINDOWS\TwainUI.INI
[2009/12/06 14:18:46 | 00,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2009/12/03 21:04:17 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\My Documents\BJ.doc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/16 16:36:17 | 00,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2009/12/16 16:36:14 | 00,260,272 | RHS- | C] () -- C:\cmldr
[2009/12/13 21:41:22 | 00,054,912 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Desktop\BootCheck.exe
[2009/12/13 19:01:33 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Desktop\avenger.zip
[2009/12/13 13:06:43 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Desktop\SystemLook.exe
[2009/12/12 14:43:33 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Desktop\settings.dat
[2009/12/11 18:13:42 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Desktop\gmer.exe
[2009/12/09 22:34:41 | 00,120,444 | ---- | C] () -- C:\WINDOWS\System32\$winnt$r.sys
[2009/12/06 14:18:46 | 00,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2009/12/03 21:04:17 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\My Documents\BJ.doc
[2009/09/04 22:48:30 | 00,002,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/24 18:18:27 | 00,000,075 | ---- | C] () -- C:\WINDOWS\ccard100.ini
[2009/07/03 10:07:31 | 00,000,442 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Application Data\wklnhst.dat
[2009/01/31 12:04:37 | 00,003,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/19 18:56:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/19 18:54:28 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/19 18:54:28 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 03:02:34 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/25 16:14:36 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/04/02 16:56:15 | 00,003,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/13 16:15:21 | 00,000,054 | ---- | C] () -- C:\WINDOWS\TwainUI.INI
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/11 20:17:40 | 00,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/30 11:29:26 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2006/12/30 10:54:09 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2006/12/30 10:50:53 | 00,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006/12/30 10:20:06 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2006/12/30 10:20:06 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2006/12/30 10:20:06 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2006/12/30 10:20:06 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2006/12/30 10:20:05 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/12/24 10:07:23 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Application Data\dvd.bmk
[2006/12/07 20:25:22 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/07 20:24:42 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Local Settings\Application Data\fusioncache.dat
[2006/11/25 11:41:06 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\TTSServer.dll
[2006/11/25 11:40:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Setup32.INI
[2006/11/20 17:03:40 | 00,000,031 | ---- | C] () -- C:\WINDOWS\VBA.INI
[2006/11/20 16:49:14 | 00,115,712 | ---- | C] () -- C:\Documents and Settings\Randy Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/19 16:19:25 | 00,002,690 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2006/11/19 14:53:50 | 00,007,185 | ---- | C] () -- C:\WINDOWS\MSACC20.INI
[2006/11/19 14:53:47 | 00,002,354 | ---- | C] () -- C:\WINDOWS\ARTGALRY.INI
[2006/11/19 14:53:47 | 00,001,321 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2006/11/19 14:53:43 | 00,000,124 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/11/19 14:53:42 | 00,001,722 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/11/19 14:53:42 | 00,000,129 | ---- | C] () -- C:\WINDOWS\ODBCISAM.INI
[2006/11/19 14:53:40 | 00,001,695 | ---- | C] () -- C:\WINDOWS\EXCEL5.INI
[2006/11/19 14:53:39 | 00,000,406 | ---- | C] () -- C:\WINDOWS\Winhelp.ini
[2006/11/19 14:53:39 | 00,000,135 | ---- | C] () -- C:\WINDOWS\msquery.ini
[2006/11/19 14:53:38 | 00,000,144 | ---- | C] () -- C:\WINDOWS\INDEO.INI
[2006/11/19 14:52:41 | 00,000,535 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[2006/11/19 14:52:27 | 00,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[2006/11/19 14:52:20 | 00,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[2006/11/19 14:51:45 | 00,002,338 | ---- | C] () -- C:\WINDOWS\IMAGER.INI
[2006/11/19 14:37:52 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8BCF7879EB.sys
[2006/11/19 14:12:26 | 00,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2006/11/19 14:10:44 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2006/11/19 13:52:06 | 00,000,978 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/13 11:03:34 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/13 10:56:35 | 00,001,246 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/13 10:49:26 | 00,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/13 10:20:32 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/29 12:38:24 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 12:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/14 19:07:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2009/02/14 19:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2009/02/21 17:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/03/30 07:15:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/06/23 09:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/02/14 19:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2008/06/16 18:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/12/30 11:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/12/30 11:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2006/11/24 16:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/12/31 12:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/12/03 16:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2006/11/13 10:45:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/03 20:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2008/06/22 20:58:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/12/25 08:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/17 17:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\FUJIFILM
[2006/11/19 13:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Leadertech
[2009/06/12 22:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\MSNInstaller
[2006/11/19 13:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Opera
[2009/12/10 19:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\PC
[2008/02/01 21:16:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Snapfish
[2009/07/03 10:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Template
[2009/10/03 20:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\W Photo Studio
[2009/10/03 20:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Walgreens
[2009/12/16 21:45:14 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0BC5FF3F-6819-4A6C-92AF-AE4D28C12C86}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2008/06/03 19:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/11/19 13:52:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/12/26 14:17:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/03/22 21:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/02/14 19:07:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2006/11/13 10:43:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/02/14 19:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2009/10/10 23:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/11/13 10:57:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2009/01/31 12:04:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/05/07 20:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/05/07 20:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2006/11/13 10:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/05 08:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/01/19 19:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/21 17:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/03/30 07:15:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/23 08:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/06/23 09:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2007/01/26 13:07:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/14 19:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2008/06/16 18:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/16 10:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2007/09/17 16:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2006/12/30 11:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/12/30 11:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2006/11/24 16:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/02/21 17:07:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/11/25 08:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/08/10 12:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/12/31 12:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/11/13 10:50:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2007/08/25 16:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2006/12/03 16:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2006/11/19 15:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/11/13 10:45:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/03 20:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2006/12/02 17:15:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/06/22 20:58:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/01/10 20:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/01/10 19:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/10/03 16:25:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2008/12/25 08:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/07/04 13:35:40 | 00,054,632 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
[2008/12/25 07:58:27 | 00,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe
[2006/11/19 14:20:27 | 00,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\DellSupportODBK.exe
[2006/11/19 14:19:04 | 00,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\fix\DellSupportLauncher.exe
[2006/11/19 14:20:27 | 00,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\fix\DellSupportODBK.exe
[2006/11/19 14:19:04 | 00,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
[2006/11/13 10:57:01 | 00,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\item_templ\coach\RunGdp.exe
[2006/11/13 10:57:03 | 00,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\MakeDesktopShortcut.EXE
[2006/11/13 10:57:03 | 00,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\fix\DellSupportLauncher.exe
[2006/11/13 10:57:05 | 00,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\MakeDesktopShortcut.EXE
[2006/11/13 10:57:06 | 00,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\fix\DellSupportLauncher.exe
[2009/12/10 18:16:27 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009/10/10 23:48:30 | 01,886,320 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
[2006/12/08 15:56:34 | 00,081,920 | ---- | M] (WebEx) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\f97dc250-1e23-4752-74f4-b090807d2a45.yplugin\WebEx\atasanot.exe
[2008/11/05 21:03:14 | 00,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

< %APPDATA%\*. >
[2008/12/26 15:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Adobe
[2008/06/03 19:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\AdobeUM
[2008/12/25 08:30:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Apple Computer
[2007/02/22 10:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Corel
[2008/06/16 08:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\DivX
[2008/06/16 20:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\DVD Flick
[2009/02/17 17:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\FUJIFILM
[2009/10/10 23:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Google
[2006/11/13 10:57:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Gtek
[2007/11/17 17:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Help
[2009/05/07 20:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\HP
[2004/08/10 12:08:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Identities
[2006/11/13 10:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\InstallShield
[2008/03/01 16:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Intuit
[2006/11/19 13:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Leadertech
[2006/12/03 12:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Macromedia
[2009/10/23 08:06:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Malwarebytes
[2009/01/23 21:00:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Microsoft
[2009/01/10 08:08:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Mozilla
[2009/06/12 22:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\MSNInstaller
[2006/11/19 13:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Opera
[2009/12/10 19:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\PC
[2008/02/01 21:16:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Snapfish
[2007/04/24 15:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Sonic
[2007/08/28 14:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Sony Corporation
[2006/11/19 16:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Spybot - Search & Destroy
[2006/11/21 21:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Sun
[2009/07/03 10:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Template
[2009/10/30 20:11:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\U3
[2009/10/03 20:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\W Photo Studio
[2009/10/03 20:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Walgreens
[2009/01/10 19:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\Yahoo!
[2009/12/06 20:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Randy Wilson\Application Data\ZoomBrowser EX

< %APPDATA%\*.exe /s >
[2007/09/17 15:53:13 | 21,277,080 | ---- | M] ( ) -- C:\Documents and Settings\Randy Wilson\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2008/06/03 19:47:41 | 19,900,192 | ---- | M] ( ) -- C:\Documents and Settings\Randy Wilson\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
[2007/12/29 10:51:54 | 01,523,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Randy Wilson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2007/04/01 10:15:42 | 00,010,134 | R--- | M] () -- C:\Documents and Settings\Randy Wilson\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\ARPPRODUCTICON.exe
[2007/04/01 10:15:42 | 00,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Randy Wilson\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\NewShortcut3_2E7595EC4FB14E2993D49083C8A9B107.exe
[2006/12/30 10:49:29 | 00,029,926 | R--- | M] () -- C:\Documents and Settings\Randy Wilson\Application Data\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
[2006/04/05 18:38:10 | 00,110,592 | ---- | M] () -- C:\Documents and Settings\Randy Wilson\Application Data\U3\temp\cleanup.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009/12/14 19:15:19 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\ATAPI.SYS
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 10:30:52 | 00,247,808 | R--- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\cmdcons\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 18:51:32 | 00,099,840 | R--- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\cmdcons\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >
  • 0

#34
hammerman
Posted 17 December 2009 - 05:14 PM

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

How's your computer running?

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#35
wilsonrandy
Posted 18 December 2009 - 09:38 PM

wilsonrandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
The computer seems to be running better. However, as you will see below, MalwareBytes is continuing to find infected files...



One question, when we finish all the scans, is it possible to eliminate the option on boot-up where I have to choose Windows Recovery Console or normal startup?






All processes killed
========== OTL ==========
C:\atapi.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner

User: Randy Wilson
->Temp folder emptied: 29905 bytes
->Temporary Internet Files folder emptied: 14091767 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40253499 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 22144573 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 5643472 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 78.48 mb


OTL by OldTimer - Version 3.1.17.0 log created on 12182009_195024

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_578.dat moved successfully.

Registry entries deleted on Reboot...











Malwarebytes' Anti-Malware 1.42
Database version: 3344
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/18/2009 9:36:14 PM
mbam-log-2009-12-18 (21-36-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 219619
Time elapsed: 1 hour(s), 8 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1088\A0199614.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1088\A0199639.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1088\A0199661.exe (Trojan.Banker) -> Quarantined and deleted successfully.
  • 0

#36
hammerman
Posted 18 December 2009 - 09:46 PM

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Those infected files are in your restore points and we will remove those at the end. They won't do any harm. Can you continue with the ESET scan.

We can remove the RC option if you want. I'll give you some more information on this when we clean up.
  • 0

#37
wilsonrandy
Posted 18 December 2009 - 11:22 PM

wilsonrandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16945 (vista_gdr.091027-0049)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b1cec7efed713541b15a480cba87b4d8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-19 04:40:46
# local_time=2009-12-18 10:40:46 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 16775125 100 98 0 196557611 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 50 4 22849639 22849639 0 0
# scanned=97007
# found=0
# cleaned=0
# scan_time=3191
  • 0

#38
hammerman
Posted 19 December 2009 - 03:52 AM

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Congratulations, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
-- Step 2 --

Your backup files in the System Restore points may be infected and need to be cleared. The only way to do this is to turn off System Restore and then turn it back on again. This will delete all your backup files in the System Restore points, including any that are infected. You can then create a new restore point containing your clean files. Please follow these instructions.

  • Right-click on My Computer and select Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply then click Yes to confirm. This will remove all your System Restore points and infected files.
  • Now uncheck the Turn off System Restore, click Apply then OK.
A new Restore Point has now been created containing backup files for your computer that are clean. You can create additional Restore Points at any time. Click here for instructions.

Recovery Console
The Recovery Console is the only option sometimes to remove malware from a computer (as in your case). For this reason we recommend you keep the RC installed on your machine. If the startup delay is too much, we can adjust that so the menu appears for only 2 or 3 secs and then carries on the boot-up normally. If you want to delete the RC, there are instructions here on how to delete it.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilites. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

Your Adobe reader needs updating. You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
  • 0

#39
wilsonrandy
Posted 20 December 2009 - 09:12 AM

wilsonrandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hammerman,
I want to offer a very sincere thank you for all of your efforts. It is VERY much appreciated!

A final question please, if I may.


Can you tell me how to reduce the delay on the Recovery Console start-up option?
  • 0

#40
hammerman
Posted 20 December 2009 - 09:34 AM

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Procedure to change Recovery Console time delay
  • Right-click on My Computer and select Properties
  • Select Advanced tab
  • Click on Settings under Startup and Recovery
  • Enter required delay in Time delay to display list of operatng systems
  • Click OK and OK again.

  • 0

Advertisements

#41
hammerman
Posted 22 December 2009 - 01:21 PM

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP