Computer infected with unknown virus - boot hijack detected [Solved]



#31
Chris_Yannick

  • Topic Starter
  • Member
  • 38 posts
Hi Cruise,

The OTL log is posted below. Thanks - Chris




OTL logfile created on: 1/14/2010 5:12:25 PM - Run
OTLPE by OldTimer - Version 3.1.23.0 Folder = X:\Programs\OTLPE
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 812.00 Mb Available Physical Memory | 79.00% Memory free
922.00 Mb Paging File | 854.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.47 Gb Total Space | 6.88 Gb Free Space | 9.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 272.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand] -- -- (avast! Web Scanner)
SRV - File not found [On_Demand] -- -- (avast! Mail Scanner)
SRV - File not found [Auto] -- -- (avast! Antivirus)
SRV - File not found [Auto] -- -- (aswUpdSv)
SRV - [2009/09/29 15:55:54 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/01 00:56:25 | 00,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/08/31 00:44:13 | 00,029,744 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/10/08 08:52:36 | 00,157,000 | ---- | M] (Smith Micro Software, Inc.) [Auto] -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/04/20 08:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/07/07 01:52:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) [Auto] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/09/07 17:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 17:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 17:02:40 | 00,086,016 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 17:02:04 | 00,139,264 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/06/29 08:29:30 | 00,184,373 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe -- (AOLService)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WmVirHid)
DRV - File not found [Kernel | On_Demand] -- -- (WmFilter)
DRV - File not found [Kernel | On_Demand] -- -- (WmBEnum)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (winachsf)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | On_Demand] -- -- (w29n51) Intel®
DRV - File not found [Kernel | On_Demand] -- -- (vsdatant)
DRV - File not found [Kernel | On_Demand] -- -- (USBSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (usbprint)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | On_Demand] -- -- (sffdisk)
DRV - File not found [Kernel | On_Demand] -- -- (serenum)
DRV - File not found [Kernel | On_Demand] -- -- (sdbus)
DRV - File not found [Kernel | On_Demand] -- -- (SaiNtBus)
DRV - File not found [Kernel | On_Demand] -- -- (SaiH053c)
DRV - File not found [Kernel | On_Demand] -- -- (RivaTuner32)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (nv)
DRV - File not found [Kernel | On_Demand] -- -- (nm)
DRV - File not found [Kernel | On_Demand] -- -- (NIC1394)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | On_Demand] -- -- (IWCA)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (Ip6Fw)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HSFHWICH)
DRV - File not found [Kernel | On_Demand] -- -- (HidUsb)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | On_Demand] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | On_Demand] -- -- (Flpydisk)
DRV - File not found [Kernel | On_Demand] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (E100B) Intel®
DRV - File not found [Kernel | On_Demand] -- -- (DSproct)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DNE)
DRV - File not found [Kernel | On_Demand] -- -- (CVirtA)
DRV - File not found [Kernel | On_Demand] -- -- (CmBatt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand] -- -- (bcm4sbxp)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | On_Demand] -- -- (Arp1394)
DRV - File not found [Kernel | On_Demand] -- -- (ApfiltrService)
DRV - File not found [Kernel | Auto] -- -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - [2009/08/17 11:06:43 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/08/17 11:05:52 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 11:05:37 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 11:04:40 | 00,051,376 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 11:04:29 | 00,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/17 11:03:21 | 00,026,944 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/04/20 08:33:40 | 00,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004/10/25 21:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2004/08/31 09:53:04 | 00,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 15:53:54 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 06:00:00 | 00,104,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\dmusic.dll -- (DMusic)
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 06:00:00 | 00,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 06:00:00 | 00,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/07/26 11:54:14 | 00,015,616 | ---- | M] (Saitek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2004/07/20 16:14:06 | 00,102,481 | ---- | M] (SigmaTel Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\STAC97.cpl -- (STAC97)
DRV - [2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/30 09:37:02 | 00,160,640 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2004/03/17 19:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2004/01/05 02:27:34 | 00,021,488 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/01/05 02:27:34 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/01/05 02:27:32 | 00,051,056 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2003/09/23 08:42:34 | 00,007,296 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2003/05/14 13:42:44 | 00,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www1.ca.dell....s...;l=en&s=gen
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
IE - HKU\Administrator_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Chris_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Chris_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Chris_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll File not found
IE - HKU\Chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\Guest_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
IE - HKU\Guest_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Guest_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll File not found
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Work_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\Work_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Work_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.onlane.c...l/en/index.html
IE - HKU\Work_ON_C\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Work_ON_C\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\Work_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll File not found
IE - HKU\Work_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\Chris_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Chris_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Chris_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Work_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Work_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Work_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe File not found
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1209190868\EE\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Administrator_ON_C..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE File not found
O4 - HKU\Chris_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Guest_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\Work_ON_C..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe File not found
O4 - HKU\Work_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\Work_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Chris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Chris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Chris_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Work_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Work_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Work_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Work_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Chris_ON_C\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\Chris_ON_C\..Trusted Domains: 27 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} http://shizmoo.com/activex/web665.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} http://zone.msn.com/...of.cab55579.cab (ZPA_WheelOfFortune Object)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/13 20:38:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/01/13 20:38:18 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Recent
[2010/01/10 19:35:54 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/07 16:57:02 | 00,000,000 | ---D | C] -- C:\RECYCLER(2)
[2010/01/06 16:44:43 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/05 16:38:19 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/12/22 02:07:33 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2006/10/09 15:49:37 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2006/02/14 18:57:13 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2006/02/14 18:57:13 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

========== Files - Modified Within 30 Days ==========

[2010/01/13 20:40:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/13 20:35:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/13 20:35:58 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/01/13 20:32:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/13 20:31:38 | 00,107,504 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/01/13 20:30:22 | 00,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/13 20:30:08 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/13 20:29:57 | 00,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/13 19:43:09 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/13 19:32:34 | 00,107,504 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/01/12 18:24:19 | 00,391,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/12 18:24:19 | 00,057,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/12 18:19:32 | 00,002,478 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\backup-key.reg
[2010/01/07 16:28:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/06 16:57:52 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/05 16:29:02 | 00,120,283 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\tdsskiller.zip
[2009/12/31 13:40:28 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\gmer.zip
[2009/12/29 13:55:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/26 12:03:01 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/23 14:36:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/01/12 18:19:32 | 00,002,478 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\backup-key.reg
[2010/01/10 19:18:19 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca(2).dll
[2010/01/05 16:32:45 | 00,120,283 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\tdsskiller.zip
[2009/12/31 13:46:00 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\gmer.zip
[2009/12/22 12:38:40 | 00,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/22 12:38:39 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2008/04/26 01:19:27 | 00,000,196 | ---- | C] () -- C:\WINDOWS\aeirem.ini
[2007/11/20 08:33:07 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Work\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/24 16:24:57 | 00,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/03/23 23:44:30 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\SAICFG.dll
[2006/10/09 15:49:40 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\U2ddisk.dll
[2006/04/20 08:34:38 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/04/20 08:34:24 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/12/26 12:04:47 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/05 20:25:51 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/11/20 22:41:14 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/11/19 16:46:37 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005/11/19 12:09:39 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/17 23:18:10 | 00,000,012 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/09 17:31:49 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/09 17:25:25 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/09 16:58:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/09 16:57:42 | 00,000,492 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/09 17:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/12/20 12:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2006/09/09 15:13:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\funkitron
[2008/07/10 18:38:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Kazaa Lite
[2005/11/17 23:23:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2008/10/01 14:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\webex

========== Purity Check ==========


< End of report >
  • 0



#32
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hello Chris_Yannick,

Just in case things get worse, I would recommend that you start backing up any personal files that you have on your computer, from the boot-up disk that I gave you before.

Also, I would like you to try to do another system restore, but choose an older one, farther back than the previous one that you used. Just in case, here are the instructions.

Also, do you happen to have a Windows CD?



  • Reboot to the command prompt.
  • type cd \ then enter
  • type cd "system volume information"\_resto~1 then enter
  • type dir then enter

When you hit Enter, it will list all the restore point folders,
like rp1, rp2, and so on. We have to see the last restore point to copy
the file from a recent backup. If the restore points take up more than
one page, then you have to keep on hitting the Enter key to view the
last restore point folder.

  • type cd rp* {where * is the desired restore point. (remember choose one that is a bit older)}
  • then type cd snapshot

    Now the command prompt will look like this: c:\system~1\_resto~1\rp*\snapshot>
  • type: copy _registry_machine_system c:\windows\system32\config\system
    press enter
  • type: copy _registry_machine_software c:\windows\system32\config\software
    press enter
  • then type exit
Then try a reboot

Let me know how that works
Cruise
  • 0
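The hive copy from post #32, as an added Python example that is not part of the original posts, with two checks put in front of the overwrite: the current hives are saved first, and a restore point is only offered if both snapshot files start with the registry hive signature `regf`. It assumes the Windows volume is reachable as a directory tree from a live environment and that folder and file names appear as `RP<n>`, `snapshot` and `_REGISTRY_MACHINE_*`; `demo()` and its directory tree are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Snapshot file name -> live hive name in WINDOWS\system32\config
HIVES = {"_REGISTRY_MACHINE_SYSTEM": "system", "_REGISTRY_MACHINE_SOFTWARE": "software"}

def is_hive(path):
    """True if the file exists and starts with the hive signature b'regf'."""
    if not Path(path).is_file():
        return False
    with open(path, "rb") as fh:
        return fh.read(4) == b"regf"

def usable_restore_points(restore_dir):
    """RP<n> folders whose snapshot holds both hives intact, oldest first."""
    usable = []
    for rp in Path(restore_dir).glob("RP*"):
        if rp.name[2:].isdigit() and all(is_hive(rp / "snapshot" / h) for h in HIVES):
            usable.append(rp)
    return sorted(usable, key=lambda p: int(p.name[2:]))  # numeric: RP2 before RP10

def restore_hives(rp, config_dir, backup_dir):
    """Save the current hives to backup_dir, then copy the snapshot hives in."""
    config_dir, backup_dir = Path(config_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    for live in HIVES.values():          # back up both before touching either
        shutil.copy2(config_dir / live, backup_dir / live)
    for snap, live in HIVES.items():
        shutil.copyfile(Path(rp) / "snapshot" / snap, config_dir / live)

def demo():
    """Run against a constructed directory tree (not a real Windows volume)."""
    root = Path(tempfile.mkdtemp())
    config = root / "WINDOWS" / "system32" / "config"
    config.mkdir(parents=True)
    for live in HIVES.values():
        (config / live).write_bytes(b"regf-current-" + live.encode())
    restore = root / "System Volume Information" / "_restore{CONSTRUCTED}"
    for n, good in ((2, True), (10, True), (11, False)):   # RP11 is truncated
        snap = restore / f"RP{n}" / "snapshot"
        snap.mkdir(parents=True)
        for name in HIVES:
            snap.joinpath(name).write_bytes(b"regf-rp%d" % n if good else b"")
    points = usable_restore_points(restore)
    backup = root / "hive-backup"
    restore_hives(points[0], config, backup)
    return [p.name for p in points], config, backup
```

If the restored hives do not boot either, copying the files in `hive-backup` back into the config folder returns the machine to the state it was in before the attempt.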

#33
Chris_Yannick

Chris_Yannick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Cruise,

I have tried what you've suggested and randomly selected various restore points (some far back, some closer), but still I am greeted with the blue screen that won't let me log into Windows. I tried booting in safe mode and normally, both to no avail.

Unfortunately I do not have a Windows CD as my laptop did not come packaged with one.

Chris
  • 0

#34
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi Chris_Yannick,

Do you know anyone you may be able to borrow it from?

Cruise
  • 0

#35
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi Chris_Yannick,

What is the make and model of your system?

Thanks
Cruise
  • 0

#36
Chris_Yannick

Chris_Yannick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Cruise,

I apologize for the delay, I was temporarily without internet.

To answer your question, I have a Dell Inspiron 9300.

Also, I do not know if I can get my hands on a copy of Windows XP anytime in the near future. I will have to ask around. Is there anything else I can do in the meantime?

Thanks,
Chris
  • 0

#37
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hello Chris_Yannick,

Unfortunately I think we have exhausted all methods to try to get your system up and running again. According to Dell's Website you should have a recovery partition installed on your system.

You can follow these instructions from Dell on how to perform a system restore if your computer has the recovery partition. Unfortunately all your data will be lost in the process. I would recommend that you back up as much data and files as you need prior to doing this procedure.

You can use a Linux Live CD in order to help you access and backup any personal files/data that you may require. You can find Linux Live here.

Cruise
  • 0

#38
Chris_Yannick

Chris_Yannick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hi Cruise,

I have successfully restored my laptop to the default factory settings using the recovery partition method. I have my internet back up and running and everything seems to be functioning normally again. Thanks for all your help!

Chris
  • 0

#39
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hey Chris_Yannick,

You are welcome! Sometimes things don't work out as planned. But you are up and running again which is the ultimate goal. Seeing as you have a fresh install, I feel that you could still benefit from the following information.

Antispyware Programs:
I recommend the following programs to help keep your computer safe from future attacks. Be sure to keep them updated, and scan your computer at least once a month.
* SpywareBlaster to help prevent spyware from installing in the first place.
* SpywareGuard to catch and block spyware before it can execute.
* IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

Antivirus Protection.
This is basically a necessity! Be sure to have an up-to-date antivirus program installed and running on your computer. But remember, only one program should be installed at a time to prevent conflicts. As with any other tool, it needs to be updated regularly to help combat the newest threats. I recommend the following FREE Antivirus Programs.
AntiVir
Avast


Firewall.
A firewall is just as important as a reliable antivirus program. A firewall acts as a barrier between you and the rest of the world. It blocks all internet traffic from reaching your computer that you have not approved. If you don't use a firewall it will open up your computer to attacks. Criminals can break into your computer and steal your personal information, or even use your computer for anything they please.

Additionally, just as you should only have one antivirus program installed on your system, you should only have ONE firewall installed. If you have more than one installed, they will conflict with each other and not work properly.

Here are a few Free Personal Firewalls

Comodo Free Firewall
Zone Alarm Free
Sunbelt-Kerio



Next, you can use the MVPS Hosts file, which replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.
http://mvps.org/winhelp2002/hosts.htm


Lastly, to find out more information about how you got infected in the first place, and some pointers to follow to prevent future infections, check out this article by Tony Klein: How did I get infected in the first place?


Good Luck,
Cruise
  • 0

#40
Chris_Yannick

Chris_Yannick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks again Cruise. :) I will definitely take heed of your advice and be more vigilant about internet security in the future.

Cheers,
Chris
  • 0



#41
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





