
Google redirect and Axwin Frame Window error [Solved]


#1
rgas999
Member
11 posts
Help please. Up to this point I have always been able to work out whatever issue I have had, but this one has me stumped.

When I boot I get a Data Execution Prevention error: Generic Host Process for Win32 Services.
After about 10 minutes I get: Axwin Frame Window Error: svcshost.exe application error.

I am unable to restore to any point and I cannot start in Safe mode. When safe mode is selected it looks like it is starting but a blue screen flashes and the system restarts.

Gmer will not complete.

Here are my MBAM and OTL logs:

MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3619
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/01/2010 9:22:10 AM
mbam-log-2010-01-24 (09-22-10).txt

Scan type: Quick Scan
Objects scanned: 136243
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL:

OTL logfile created on: 24/01/2010 10:31:25 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\liouelletgaston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 565.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.77 Gb Total Space | 4.68 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
Drive D: | 44.71 Gb Total Space | 41.72 Gb Free Space | 93.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STU-LIOULLET
Current User Name: liouelletgaston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/19 06:57:44 | 02,743,104 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/19 06:57:41 | 00,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/18 18:15:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\OTL.exe
PRC - [2009/11/15 14:39:24 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/15 14:39:24 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/14 20:30:19 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/05/03 10:32:12 | 01,099,280 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
PRC - [2007/04/19 05:42:30 | 00,759,312 | ---- | M] () -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
PRC - [2006/01/19 15:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/11/16 21:35:16 | 00,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/07 19:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/27 21:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/06/16 11:11:42 | 00,049,152 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/06/29 04:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 02:24:00 | 00,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 00:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/18 18:15:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SynchronEyes Software 7.0 Helper Service)
SRV - File not found [Auto | Stopped] -- -- (DataSvr2)
SRV - [2010/01/19 06:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/19 06:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/19 06:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/15 14:39:24 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/14 22:23:01 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/24 08:29:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/26 13:41:56 | 00,503,608 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/05/03 10:32:12 | 01,099,280 | ---- | M] (SMART Technologies Inc.) [Auto | Running] -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2007/04/19 05:42:30 | 00,759,312 | ---- | M] () [Auto | Running] -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/01/19 15:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/08/30 17:36:00 | 00,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/21 20:28:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/21 20:28:50 | 00,000,000 | ---D | M]

[2009/12/21 20:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\Mozilla\Firefox\Profiles\n8yqeo5a.default\extensions
[2009/12/21 20:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\Mozilla\Firefox\Profiles\n8yqeo5a.default\extensions\staged-xpis
[2009/12/21 20:29:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 20:28:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/10/26 00:47:32 | 00,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/10/26 00:47:33 | 00,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/10/26 00:47:34 | 00,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/10/26 00:47:34 | 00,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/10/26 00:47:35 | 00,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148646225671 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258253142796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcs.on.ca
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (karna.datS\Extens.) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SEGina.dll) - C:\WINDOWS\System32\SEGina.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{27ddceac-809b-11dc-8dac-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{27ddceac-809b-11dc-8dac-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27ddceac-809b-11dc-8dac-806d6172696f}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{ba185134-d191-11de-9fbd-0016cf296ce7}\Shell\AutoRun\command - "" = F:\9g86.exe -- File not found
O33 - MountPoints2\{ba185134-d191-11de-9fbd-0016cf296ce7}\Shell\open\Command - "" = F:\9g86.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 17:02:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (50950363808792576)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/23 09:51:02 | 00,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/23 09:51:01 | 00,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/23 09:51:00 | 00,023,248 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/23 09:50:59 | 00,046,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/23 09:50:57 | 00,100,304 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/23 09:50:57 | 00,094,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/23 09:50:57 | 00,028,240 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/23 09:44:21 | 00,152,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/23 09:44:21 | 00,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/23 09:44:13 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/23 09:44:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/23 09:36:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Local Settings\Application Data\Threat Expert
[2010/01/23 09:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/23 07:54:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Application Data\Sonic
[2010/01/18 18:15:12 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\OTL.exe
[2010/01/18 18:14:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Desktop\Protection
[2010/01/17 18:29:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Application Data\Leadertech
[2010/01/16 09:20:37 | 00,000,000 | ---D | C] -- D:\My Documents\Downloads
[2010/01/16 09:19:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Application Data\BitTorrent
[2010/01/14 21:32:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/11/15 06:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/20 23:53:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/06/07 09:13:59 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/08/11 17:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/11 17:06:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/05/08 03:08:58 | 02,893,958 | ---- | C] (Macromedia, Inc.) -- C:\Program Files\Robolab.exe
[9 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/24 10:26:05 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/24 10:26:05 | 00,446,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/24 10:26:05 | 00,073,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/24 10:22:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/01/24 10:22:01 | 00,098,327 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/01/24 10:21:57 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/24 10:21:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/24 10:21:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/24 10:21:23 | 10,718,33088 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/24 09:22:54 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\Desktop\gmer.exe
[2010/01/24 09:02:05 | 04,411,392 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\ntuser.dat
[2010/01/23 14:11:06 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\liouelletgaston\ntuser.ini
[2010/01/23 09:51:02 | 00,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/01/23 09:50:58 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/23 08:13:29 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/23 08:13:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/23 08:13:29 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2010/01/23 08:04:28 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/22 22:35:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/19 21:37:39 | 00,098,327 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/01/19 08:13:58 | 00,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/19 06:57:59 | 00,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/19 06:57:39 | 00,152,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/19 06:46:52 | 00,046,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/19 06:43:40 | 00,023,248 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/19 06:43:12 | 00,100,304 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/19 06:43:08 | 00,094,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/19 06:42:57 | 00,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/19 06:42:40 | 00,028,240 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/18 18:15:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\OTL.exe
[2010/01/15 20:47:13 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\Desktop\Microsoft Office Word 2003.lnk
[9 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/23 09:51:02 | 00,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/01/18 18:33:06 | 04,411,392 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\ntuser.dat
[2008/09/09 21:37:23 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/06 09:53:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\winstats.ini
[2008/09/06 09:53:31 | 00,000,420 | ---- | C] () -- C:\WINDOWS\winhist.ini
[2008/01/20 22:53:54 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/11 09:26:51 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\Local Settings\Application Data\fusioncache.dat
[2007/10/24 10:35:04 | 00,000,021 | ---- | C] () -- C:\WINDOWS\winplot.ini
[2007/10/24 10:35:03 | 00,000,651 | ---- | C] () -- C:\WINDOWS\winpl2.ini
[2007/08/17 08:19:59 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/13 14:01:14 | 00,140,552 | ---- | C] () -- C:\WINDOWS\System32\SEGina.dll
[2007/01/27 11:50:56 | 00,223,730 | ---- | C] () -- C:\Program Files\setuplog.txt
[2007/01/27 11:47:59 | 00,000,184 | ---- | C] () -- C:\Program Files\install.txt
[2006/06/28 09:02:07 | 00,000,873 | ---- | C] () -- C:\WINDOWS\LMAAJ2DD.ini
[2006/06/28 09:00:49 | 00,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2006/06/07 09:13:57 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/06/02 13:12:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/06/02 08:41:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/20 00:26:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/20 00:25:06 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/20 00:22:20 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll.bak
[2006/05/20 00:22:20 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll.bak
[2006/05/20 00:02:50 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/20 00:02:50 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/20 00:02:50 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/20 00:02:50 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/20 00:02:46 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/20 00:02:18 | 00,000,491 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/09 12:24:10 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2005/11/10 08:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 21:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/01 06:42:44 | 00,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2004/09/01 06:42:44 | 00,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2004/09/01 06:42:44 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2004/09/01 06:42:44 | 00,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2004/09/01 06:42:44 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2004/09/01 06:42:44 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2004/09/01 06:42:44 | 00,000,002 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/05/21 00:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/07 13:53:12 | 00,002,488 | ---- | C] () -- C:\Program Files\Readme.txt
[2002/07/24 12:23:53 | 00,823,296 | ---- | C] () -- C:\WINDOWS\System32\Nsppx.dll
[2002/07/24 12:23:52 | 00,811,520 | ---- | C] () -- C:\WINDOWS\System32\Nspp6.dll
[2002/07/24 12:23:51 | 00,829,952 | ---- | C] () -- C:\WINDOWS\System32\Nspp5.dll
[2002/07/24 12:23:50 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\Nspp4.dll
[2002/07/24 12:23:49 | 00,847,872 | ---- | C] () -- C:\WINDOWS\System32\Nspm5.dll
[2002/07/24 12:23:49 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Nsp.dll
[2002/07/24 12:23:48 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\Cpuid32.dll
[2002/07/24 05:08:54 | 00,059,124 | ---- | C] () -- C:\Program Files\router.dxr
[2002/07/15 08:27:32 | 00,180,616 | ---- | C] () -- C:\Program Files\router_translation.cst
[2002/01/04 22:26:36 | 00,005,833 | ---- | C] () -- C:\Program Files\License.txt

========== LOP Check ==========

[2010/01/23 09:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/10/24 10:37:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2007/10/24 10:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
[2010/01/23 09:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/20 00:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/01/23 07:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\BitTorrent
[2010/01/17 18:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\Leadertech
[2010/01/07 21:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\LimeWire
[2007/01/15 11:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\OfficeUpdate12
[2007/10/24 07:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\SMART Technologies Inc

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/14 21:54:54 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/14 21:54:54 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/14 21:54:54 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/14 21:54:54 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras:

OTL Extras logfile created on: 24/01/2010 10:31:25 AM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\liouelletgaston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 565.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.77 Gb Total Space | 4.68 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
Drive D: | 44.71 Gb Total Space | 41.72 Gb Free Space | 93.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STU-LIOULLET
Current User Name: liouelletgaston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"12001:UDP" = 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\SynchronEyes Student 7.0\StudentConfig.exe" = C:\Program Files\SynchronEyes Student 7.0\StudentConfig.exe:*:Enabled:SynchronEyes™ StudentConfig -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\SynchronEyes Student 7.0\dax64.exe" = C:\Program Files\SynchronEyes Student 7.0\dax64.exe:*:Disabled:SynchronEyes™ Student -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3131FD7B-FD3A-4926-8B72-005AF32EBF73}" = Fathom 2.1
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46486451-E60F-42C3-92D7-796D8594688A}" = SMART Board Software
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4BBB7E33-4B07-4B8E-8A43-2BE0C4582ADC}" = Logger Pro 3.3
"{4DC49A9A-6DD0-40D2-A851-527764DA8379}" = Adobe Setup
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{60B28ECA-78BC-4D18-AB63-4A9A93BF881D}" = Adobe Creative Suite 3 Master Collection
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2922CF8-040F-4049-9B5A-BC98FC21B9B9}" = ChemLab
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF8B49B4-98C5-4F55-B743-7956B24567C0}" = SMART Essentials for Educators
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_915239ded2552e78978d0dbab7657a5" = Add or Remove Adobe Creative Suite 3 Master Collection
"Auralia 2.1" = Auralia 2.1
"avast5" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"FX Draw 2_is1" = FX Draw 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"LimeWire" = LimeWire 4.16.6
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.9)" = Mozilla Firefox (2.0.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musition 2" = Musition 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ROBOLAB" = ROBOLAB
"Sketchpad" = Sketchpad
"SmartMusic 10" = SmartMusic 10
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"The Moving Man" = The Moving Man

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/01/2010 10:14:05 AM | Computer Name = STU-LIOULLET | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0283f7a0.

Error - 24/01/2010 10:14:50 AM | Computer Name = STU-LIOULLET | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for TCS\liouelletgaston failed to
contact the active directory (0x8007054b). The specified domain either does not
exist or could not be contacted. Enrollment will not be performed.

Error - 24/01/2010 11:21:46 AM | Computer Name = STU-LIOULLET | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 24/01/2010 11:21:46 AM | Computer Name = STU-LIOULLET | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 24/01/2010 11:21:55 AM | Computer Name = STU-LIOULLET | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 24/01/2010 11:21:56 AM | Computer Name = STU-LIOULLET | Source = UserInit | ID = 1000
Description = Could not execute the following script pushprinterconnections.exe.
The system cannot find the file specified. .

Error - 24/01/2010 11:21:56 AM | Computer Name = STU-LIOULLET | Source = UserInit | ID = 1000
Description = Could not execute the following script lgn-std.bat. The system cannot
find the file specified. .

Error - 24/01/2010 11:23:06 AM | Computer Name = STU-LIOULLET | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for TCS\liouelletgaston failed to
contact the active directory (0x8007054b). The specified domain either does not
exist or could not be contacted. Enrollment will not be performed.

Error - 24/01/2010 11:28:03 AM | Computer Name = STU-LIOULLET | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.

Error - 24/01/2010 11:29:36 AM | Computer Name = STU-LIOULLET | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02b5f7a0.

[ System Events ]
Error - 24/01/2010 11:21:46 AM | Computer Name = STU-LIOULLET | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain TCS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 24/01/2010 11:21:47 AM | Computer Name = STU-LIOULLET | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 24/01/2010 11:21:47 AM | Computer Name = STU-LIOULLET | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 24/01/2010 11:22:54 AM | Computer Name = STU-LIOULLET | Source = Service Control Manager | ID = 7000
Description = The DataSvr2 service failed to start due to the following error: %%2

Error - 24/01/2010 11:22:54 AM | Computer Name = STU-LIOULLET | Source = Service Control Manager | ID = 7000
Description = The SynchronEyes Software 7.0 Helper Service service failed to start
due to the following error: %%2

Error - 24/01/2010 11:22:54 AM | Computer Name = STU-LIOULLET | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 24/01/2010 11:23:31 AM | Computer Name = STU-LIOULLET | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 24/01/2010 11:38:35 AM | Computer Name = STU-LIOULLET | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 24/01/2010 12:08:35 PM | Computer Name = STU-LIOULLET | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 24/01/2010 1:08:39 PM | Computer Name = STU-LIOULLET | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.


< End of report >
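The OTL log above closes its custom scans with "< MD5 for: ... >" blocks, which hash a handful of boot-critical files (agp440.sys, atapi.sys, eventlog.dll, netlogon.dll, scecli.dll) everywhere a copy exists: the live file under system32, the installed service-pack copy under ServicePackFiles\i386 and the pre-service-pack copies under $NtServicePackUninstall$, C:\i386 or ReinstallBackups. The point of the check is that a live driver patched by a rootkit stands out as the one copy whose hash no clean copy shares; in this log all five live copies match their ServicePackFiles copies. The Python script below is an added example, not part of the original post or of OTL, that parses those blocks and flags any live copy whose MD5 matches no reference copy. Its embedded sample log is constructed: the AGP440.SYS block is copied from the log above, the live atapi.sys hash is a made-up value, and the live eventlog.dll line was altered to carry the pre-service-pack hash and size, so that both non-ok outcomes appear.

```python
"""Triage the '< MD5 for: ... >' blocks of an OTL log.

OTL hashes each checked system file wherever a copy exists: the live one under
system32, the installed service-pack copy under ServicePackFiles, and pre-SP
copies under $NtServicePackUninstall$, C:/i386 or ReinstallBackups. A patched
driver shows up as a live copy whose hash no clean copy shares.
"""
import re
from collections import namedtuple

# Constructed sample in the line shape OTL writes. AGP440.SYS is copied from the
# log above; the live ATAPI.SYS hash is made up, and the live EVENTLOG.DLL line
# was edited to carry the pre-SP copy's hash and size (a rolled-back file).
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\([^)]*\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}))?.*?--\s*(?P<path>.+?)\s*$")

Entry = namedtuple("Entry", "path size md5")             # md5 is None for .cab members
Finding = namedtuple("Finding", "name path md5 status")  # ok | pre_sp_copy | unknown_hash


def parse_md5_blocks(text):
    """Return {FILE_NAME: [Entry, ...]} for every '< MD5 for: >' block in the log."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            blocks[current] = []
        elif line.startswith(("<", "=")):   # another custom scan or section starts
            current = None
        elif current is not None and (m := ENTRY_RE.match(line)):
            md5 = m.group("md5")
            blocks[current].append(Entry(m.group("path"),
                                         int(m.group("size").replace(",", "")),
                                         md5.upper() if md5 else None))
    return blocks


def classify(path):
    """Bucket a copy as live, installed-SP reference, pre-SP reference, or cab member."""
    p = path.lower()
    if ".cab:" in p:
        return "cab"
    if "servicepackfiles" in p:
        return "sp"
    if "$ntservicepackuninstall$" in p or "reinstallbackups" in p or "\\i386\\" in p:
        return "pre_sp"
    if "\\system32\\" in p or "\\windows\\" in p:
        return "live"
    return "other"


def triage(blocks):
    """Flag every live copy whose MD5 is shared by no clean reference copy in its block."""
    findings = []
    for name, entries in blocks.items():
        sp = {e.md5 for e in entries if e.md5 and classify(e.path) == "sp"}
        pre_sp = {e.md5 for e in entries if e.md5 and classify(e.path) == "pre_sp"}
        for e in entries:
            if e.md5 is None or classify(e.path) != "live":
                continue
            # With a service pack installed the live file must match the SP copy;
            # with none, the install-source copy is the only reference available.
            if e.md5 in sp or (not sp and e.md5 in pre_sp):
                status = "ok"
            elif e.md5 in pre_sp:
                status = "pre_sp_copy"     # rolled back / replaced with an older build
            else:
                status = "unknown_hash"    # no clean copy has this hash: inspect the file
            findings.append(Finding(name, e.path, e.md5, status))
    return findings


if __name__ == "__main__":
    for f in triage(parse_md5_blocks(SAMPLE_LOG)):
        print(f"{f.status:<13} {f.name:<13} {f.path}")
```

Run against a real OTL.Txt, the script reads the whole file and reports one line per live copy; anything other than "ok" is the file to pull for a second opinion (a known-good copy from the service pack, a vendor signature check), since OTL itself only records the hashes and leaves the comparison to the reader.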



#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{27ddceac-809b-11dc-8dac-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{27ddceac-809b-11dc-8dac-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{27ddceac-809b-11dc-8dac-806d6172696f}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- File not found
    O33 - MountPoints2\{ba185134-d191-11de-9fbd-0016cf296ce7}\Shell\AutoRun\command - "" = F:\9g86.exe -- File not found
    O33 - MountPoints2\{ba185134-d191-11de-9fbd-0016cf296ce7}\Shell\open\Command - "" = F:\9g86.exe -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#3
rgas999

    Member

  • Topic Starter
  • Member
  • 11 posts
The OTL run fix ran OK but GMER will still not run. Once I press Scan it works for about 10 seconds then hangs.

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5
rgas999

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix was able to run. Here is the log.

ComboFix 10-01-26.02 - liouelletgaston 26/01/2010 23:27:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.1022.637 [GMT -5:00]
Running from: c:\documents and settings\liouelletgaston\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1088421979-2555689845-2326010705-1014
c:\recycler\S-1-5-21-1088421979-2555689845-2326010705-500
c:\recycler\S-1-5-21-1384774318-2894534337-4110577765-1005
c:\recycler\S-1-5-21-1384774318-2894534337-4110577765-500
c:\recycler\S-1-5-21-1833052360-195330638-4110363572-500
c:\recycler\S-1-5-21-2418045438-1593985875-241923415-500
c:\recycler\S-1-5-21-2488082858-439565203-1885533334-500
c:\recycler\S-1-5-21-2574226421-899625278-1321991626-500
c:\recycler\S-1-5-21-3482046334-1836464788-3015233268-1005
c:\recycler\S-1-5-21-3511619756-2365060635-1710076828-500
c:\recycler\S-1-5-21-3626424941-3382791230-172334229-1019
c:\recycler\S-1-5-21-3626424941-3382791230-172334229-500
c:\recycler\S-1-5-21-482331640-420107610-754275865-500
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-25 04:12 . 2010-01-25 04:12 -------- d-----w- C:\_OTL
2010-01-23 14:51 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-23 14:51 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-23 14:51 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-23 14:50 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-23 14:50 . 2010-01-19 11:43 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-23 14:50 . 2010-01-19 11:43 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-23 14:50 . 2010-01-19 11:42 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-23 14:44 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-23 14:44 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-23 14:44 . 2010-01-23 14:44 -------- d-----w- c:\program files\Alwil Software
2010-01-23 14:44 . 2010-01-23 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-23 14:36 . 2010-01-23 14:36 -------- d-----w- c:\documents and settings\liouelletgaston\Local Settings\Application Data\Threat Expert
2010-01-23 14:24 . 2010-01-23 14:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 13:02 . 2010-01-23 13:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-23 12:54 . 2010-01-23 12:54 -------- d-----w- c:\documents and settings\liouelletgaston\Application Data\Sonic
2010-01-17 23:29 . 2010-01-17 23:29 -------- d-----w- c:\documents and settings\liouelletgaston\Application Data\Leadertech
2010-01-16 14:19 . 2010-01-23 12:54 -------- d-----w- c:\documents and settings\liouelletgaston\Application Data\BitTorrent
2010-01-16 01:42 . 2010-01-16 01:42 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-15 02:32 . 2010-01-15 02:33 -------- d-----w- c:\windows\system32\Adobe
2010-01-12 23:35 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-28 22:44 . 2009-12-28 22:44 -------- d-sh--w- c:\documents and settings\liouelletgaston\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 03:44 . 2010-01-23 12:52 185504 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-01-20 02:37 . 2006-05-20 05:06 98327 ----a-w- c:\windows\system32\nvModes.dat
2010-01-16 01:42 . 2009-11-15 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 02:28 . 2008-01-18 21:42 -------- d-----w- c:\documents and settings\liouelletgaston\Application Data\LimeWire
2010-01-07 21:07 . 2009-11-15 22:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-11-15 22:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 01:29 . 2009-12-22 01:29 0 ----a-w- c:\windows\nsreg.dat
2009-12-21 19:14 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-29 22:00 . 2009-11-29 22:00 -------- d-----w- c:\program files\BitTorrent
2009-11-23 03:58 . 2006-06-28 13:22 81808 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2004-08-11 22:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 19:39 . 2009-11-15 19:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-15 19:38 . 2009-11-15 19:38 152576 ----a-w- c:\documents and settings\liouelletgaston\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-15 19:37 . 2009-11-15 19:37 79488 ----a-w- c:\documents and settings\liouelletgaston\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-15 03:17 . 2004-08-11 22:14 88247 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-29 07:45 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet(3).dll
2009-10-29 07:45 . 2004-08-11 22:00 1208832 ----a-w- c:\windows\system32\urlmon(3).dll
2007-01-27 16:50 . 2007-01-27 16:50 223730 ----a-w- c:\program files\setuplog.txt
2007-01-27 16:48 . 2007-01-27 16:47 184 ----a-w- c:\program files\install.txt
2002-08-07 18:53 . 2002-08-07 18:53 2488 ----a-w- c:\program files\Readme.txt
2002-07-24 10:08 . 2002-07-24 10:08 59124 ----a-w- c:\program files\router.dxr
2002-07-15 13:27 . 2002-07-15 13:27 180616 ----a-w- c:\program files\router_translation.cst
2002-05-08 08:08 . 2002-05-08 08:08 2893958 ----a-w- c:\program files\Robolab.exe
2002-01-05 03:26 . 2002-01-05 03:26 5833 ----a-w- c:\program files\License.txt
2007-10-26 05:47 . 2009-12-22 01:28 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-10-26 05:47 . 2009-12-22 01:28 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-26 05:47 . 2009-12-22 01:28 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-10-26 05:47 . 2009-12-22 01:28 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-10-26 05:47 . 2009-12-22 01:28 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-08 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\liouelletgaston\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - d:\erunt\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-13677\Scripts\Logoff\0\0]
"Script"=lgf-std.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-13677\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-13677\Scripts\Logon\1\0]
"Script"=lgn-std.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-14498\Scripts\Logoff\0\0]
"Script"=lgf-stf.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-14498\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-14498\Scripts\Logon\1\0]
"Script"=lgn-stf.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-14498\Scripts\Logon\2\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-17896\Scripts\Logoff\0\0]
"Script"=lgf-stf.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-17896\Scripts\Logon\0\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-816728033-1264349987-922709458-17896\Scripts\Logon\1\0]
"Script"=lgn-stf.bat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-11 23:54 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 18:42 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 16:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-01-19 20:14 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/01/2010 9:51 AM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/01/2010 9:51 AM 19024]
R2 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [19/04/2007 5:42 AM 759312]
S2 SynchronEyes Software 7.0 Helper Service;SynchronEyes Software 7.0 Helper Service;c:\program files\SynchronEyes Student 7.0\synchroneyessrv.exe --> c:\program files\SynchronEyes Student 7.0\synchroneyessrv.exe [?]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\DRIVERS\smrtdrv.sys --> c:\windows\system32\DRIVERS\smrtdrv.sys [?]
S3 Synnetdrv;SynchronEyes network Service;c:\windows\system32\DRIVERS\Synnetdrv.sys --> c:\windows\system32\DRIVERS\Synnetdrv.sys [?]
S3 SynnetdrvMP;SynnetdrvMP;c:\windows\system32\DRIVERS\Synnetdrv.sys --> c:\windows\system32\DRIVERS\Synnetdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\liouelletgaston\Application Data\Mozilla\Firefox\Profiles\n8yqeo5a.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-A00F126993C - c:\docume~1\LIOUEL~1\LOCALS~1\Temp\_A00F126993C.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 23:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\SEGina.dll
.
Completion time: 2010-01-26 23:35:20
ComboFix-quarantined-files.txt 2010-01-27 04:35

Pre-Run: 4,716,679,168 bytes free
Post-Run: 4,677,148,672 bytes free

- - End Of File - - 81F0684CE8783BBAE9745EC6C74C8538


#6
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Your IT support should be fixing this.


Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#7
rgas999 (Member, Topic Starter, 11 posts)
Thank you for all of your help. I had to buy the computer when I was attending a private High School 2 years ago and have since left the school.
The IT dept does not provide any support once you have left.

MBAM ran clean.
Here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, January 28, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, January 28, 2010 01:26:03
Records in database: 3378799
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 127991
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:41:17


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1
D:\My Documents\LimeWire\Saved\farewell rod stewart.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

Selected area has been scanned.
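The report above has one hit under C:\Qoobox\Quarantine, ComboFix's quarantine folder (the ".vir" suffix marks a file ComboFix has already pulled out of place), and one hit on a live download in the LimeWire folder, which is why the fix script in the next reply lists only the .wma file. Added example, not code from Kaspersky, ComboFix or OTL: it parses the "Infected:" lines of a Kaspersky Online Scanner 7 report, marks hits inside known quarantine folders, and emits the :Files block for OTL from the live hits only. The OTL MovedFiles path and the sample report are assumptions/constructed.

```python
"""Triage a Kaspersky Online Scanner 7 report: separate hits that sit inside a
removal tool's quarantine (already disarmed) from hits on live files.

Added example for this thread; not code from Kaspersky, ComboFix or OTL.
The sample report below is constructed to match the format posted above.
"""
import re
from dataclasses import dataclass

# Quarantine folders of the removal tools used in this thread. Files under
# them have already been moved/renamed (ComboFix appends ".vir"), so a hit
# there records what was on the machine rather than a live infection.
QUARANTINE_PREFIXES = (
    r"C:\Qoobox\Quarantine",   # ComboFix
    r"C:\_OTL\MovedFiles",     # OTL (assumed layout of its store)
)

# Kaspersky report line: "<path> Infected: <threat name> <count>"
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


@dataclass
class Hit:
    path: str
    threat: str
    count: int
    quarantined: bool


def parse_report(text):
    """Return one Hit per 'Infected:' line; header and footer lines are skipped."""
    prefixes = tuple(p.lower() for p in QUARANTINE_PREFIXES)
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        hits.append(Hit(path, m.group("threat"),
                        int(m.group("count")),
                        path.lower().startswith(prefixes)))
    return hits


def files_to_remove(hits):
    """Paths a fix script should still target: live hits only."""
    return [h.path for h in hits if not h.quarantined]


def otl_files_section(hits):
    """Render the ':Files' block of an OTL fix script from the live hits."""
    return "\n".join([":Files"] + files_to_remove(hits))


# Constructed sample: same two findings and layout as the report in the thread.
SAMPLE_REPORT = """\
File name / Threat / Threats count
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\drivers\\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1
D:\\My Documents\\LimeWire\\Saved\\farewell rod stewart.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for h in found:
        state = "already quarantined" if h.quarantined else "LIVE - needs removal"
        print(f"{h.threat:32} {state:22} {h.path}")
    print()
    print(otl_files_section(found))
```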

#8
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    D:\My Documents\LimeWire\Saved\farewell rod stewart.wma
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#9
rgas999 (Member, Topic Starter, 11 posts)
Hi,

Thanks again, I feel as though we are getting close.

Here is the OTL log:

OTL logfile created on: 28/01/2010 8:49:58 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\liouelletgaston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 639.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.77 Gb Total Space | 4.91 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive D: | 44.71 Gb Total Space | 41.74 Gb Free Space | 93.35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STU-LIOULLET
Current User Name: liouelletgaston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/19 06:57:44 | 02,743,104 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/19 06:57:41 | 00,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/18 18:15:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\OTL.exe
PRC - [2009/11/15 14:39:24 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/15 14:39:24 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/14 20:30:19 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/11 21:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/05/03 10:32:12 | 01,099,280 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
PRC - [2007/04/19 05:42:30 | 00,759,312 | ---- | M] () -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
PRC - [2006/01/19 15:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/11/16 21:35:16 | 00,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/07 19:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/27 21:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/06/16 11:11:42 | 00,049,152 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/06/29 04:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 02:24:00 | 00,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 00:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/18 18:15:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SynchronEyes Software 7.0 Helper Service)
SRV - File not found [Auto | Stopped] -- -- (DataSvr2)
SRV - [2010/01/19 06:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/19 06:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/19 06:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/15 14:39:24 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/14 22:23:01 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/24 08:29:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/26 13:41:56 | 00,503,608 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/05/03 10:32:12 | 01,099,280 | ---- | M] (SMART Technologies Inc.) [Auto | Running] -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2007/04/19 05:42:30 | 00,759,312 | ---- | M] () [Auto | Running] -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/01/19 15:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/08/30 17:36:00 | 00,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/21 00:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 00:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/21 20:28:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/21 20:28:50 | 00,000,000 | ---D | M]

[2009/12/21 20:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\Mozilla\Firefox\Profiles\n8yqeo5a.default\extensions
[2009/12/21 20:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\Mozilla\Firefox\Profiles\n8yqeo5a.default\extensions\staged-xpis
[2009/12/21 20:29:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 20:28:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/10/26 00:47:32 | 00,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/10/26 00:47:33 | 00,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/10/26 00:47:34 | 00,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/10/26 00:47:34 | 00,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/10/26 00:47:35 | 00,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2010/01/28 20:46:49 | 00,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\liouelletgaston\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = D:\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148646225671 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258253142796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tcs.on.ca
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SEGina.dll) - C:\WINDOWS\System32\SEGina.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/27 20:20:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/27 20:20:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/27 20:14:08 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/27 20:13:05 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\TFC.exe
[2010/01/26 23:07:49 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/26 23:04:22 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/26 23:04:22 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/26 23:04:22 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/26 23:04:22 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/26 23:03:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/26 23:02:47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/24 23:12:02 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/23 09:51:02 | 00,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/23 09:51:01 | 00,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/23 09:51:00 | 00,023,248 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/23 09:50:59 | 00,046,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/23 09:50:57 | 00,100,304 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/23 09:50:57 | 00,094,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/23 09:50:57 | 00,028,240 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/23 09:44:21 | 00,152,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/23 09:44:21 | 00,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/23 09:44:13 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/23 09:44:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/23 09:36:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Local Settings\Application Data\Threat Expert
[2010/01/23 09:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/23 07:54:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Application Data\Sonic
[2010/01/18 18:15:12 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\OTL.exe
[2010/01/18 18:14:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Desktop\Protection
[2010/01/17 18:29:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Application Data\Leadertech
[2010/01/16 09:20:37 | 00,000,000 | ---D | C] -- D:\My Documents\Downloads
[2010/01/16 09:19:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\liouelletgaston\Application Data\BitTorrent
[2010/01/14 21:32:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/11/15 06:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/20 23:53:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/06/07 09:13:59 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/08/11 17:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/11 17:06:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/05/08 03:08:58 | 02,893,958 | ---- | C] (Macromedia, Inc.) -- C:\Program Files\Robolab.exe
[9 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/28 20:49:38 | 00,098,327 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/01/28 20:49:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/01/28 20:49:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/28 20:48:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/28 20:48:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/28 20:48:41 | 10,718,33088 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/28 20:48:06 | 04,411,392 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\ntuser.dat
[2010/01/28 20:47:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\liouelletgaston\ntuser.ini
[2010/01/28 20:46:49 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/01/27 22:29:47 | 00,098,327 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/01/27 20:21:02 | 00,000,481 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/27 20:20:29 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/27 20:20:29 | 00,446,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/27 20:20:29 | 00,073,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/27 20:13:08 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\TFC.exe
[2010/01/26 23:36:49 | 00,001,481 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\Desktop\Windows Explorer.lnk
[2010/01/26 23:33:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/26 23:07:59 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/26 23:02:17 | 00,000,574 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/26 23:02:10 | 00,000,430 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\Desktop\NTREGOPT.lnk
[2010/01/26 23:02:10 | 00,000,417 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\Desktop\ERUNT.lnk
[2010/01/26 23:01:37 | 03,837,551 | R--- | M] () -- C:\Documents and Settings\liouelletgaston\Desktop\ComboFix.exe
[2010/01/24 09:22:54 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\Desktop\gmer.exe
[2010/01/23 09:51:02 | 00,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/01/23 09:50:58 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/23 08:13:29 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/23 08:13:29 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/23 08:04:28 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/22 22:35:40 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/19 08:13:58 | 00,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/19 06:57:59 | 00,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/19 06:57:39 | 00,152,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/19 06:46:52 | 00,046,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/19 06:43:40 | 00,023,248 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/19 06:43:12 | 00,100,304 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/19 06:43:08 | 00,094,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/19 06:42:57 | 00,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/19 06:42:40 | 00,028,240 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/18 18:15:16 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liouelletgaston\Desktop\OTL.exe
[2010/01/15 20:47:13 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\liouelletgaston\Desktop\Microsoft Office Word 2003.lnk
[9 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/27 20:21:02 | 00,000,481 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/26 23:07:58 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/26 23:07:53 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/26 23:04:22 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/26 23:04:22 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/26 23:04:22 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/26 23:04:22 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/26 23:04:22 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/26 23:02:17 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/26 23:02:10 | 00,000,430 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\Desktop\NTREGOPT.lnk
[2010/01/26 23:02:10 | 00,000,417 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\Desktop\ERUNT.lnk
[2010/01/26 23:01:37 | 03,837,551 | R--- | C] () -- C:\Documents and Settings\liouelletgaston\Desktop\ComboFix.exe
[2010/01/23 09:51:02 | 00,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/01/18 18:33:06 | 04,411,392 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\ntuser.dat
[2008/09/09 21:37:23 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/06 09:53:32 | 00,000,021 | ---- | C] () -- C:\WINDOWS\winstats.ini
[2008/09/06 09:53:31 | 00,000,420 | ---- | C] () -- C:\WINDOWS\winhist.ini
[2008/01/20 22:53:54 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/11 09:26:51 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\liouelletgaston\Local Settings\Application Data\fusioncache.dat
[2007/10/24 10:35:04 | 00,000,021 | ---- | C] () -- C:\WINDOWS\winplot.ini
[2007/10/24 10:35:03 | 00,000,651 | ---- | C] () -- C:\WINDOWS\winpl2.ini
[2007/08/17 08:19:59 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/13 14:01:14 | 00,140,552 | ---- | C] () -- C:\WINDOWS\System32\SEGina.dll
[2007/01/27 11:50:56 | 00,223,730 | ---- | C] () -- C:\Program Files\setuplog.txt
[2007/01/27 11:47:59 | 00,000,184 | ---- | C] () -- C:\Program Files\install.txt
[2006/06/28 09:02:07 | 00,000,873 | ---- | C] () -- C:\WINDOWS\LMAAJ2DD.ini
[2006/06/28 09:00:49 | 00,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2006/06/07 09:13:57 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/06/02 13:12:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/06/02 08:41:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/20 00:26:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/20 00:25:06 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/20 00:22:20 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll.bak
[2006/05/20 00:22:20 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll.bak
[2006/05/20 00:02:50 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/20 00:02:50 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/20 00:02:50 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/20 00:02:50 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/20 00:02:46 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/20 00:02:18 | 00,000,491 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/09 12:24:10 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2005/11/10 08:38:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 21:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/01 06:42:44 | 00,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2004/09/01 06:42:44 | 00,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2004/09/01 06:42:44 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2004/09/01 06:42:44 | 00,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2004/09/01 06:42:44 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2004/09/01 06:42:44 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2004/09/01 06:42:44 | 00,000,002 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/05/21 00:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/07 13:53:12 | 00,002,488 | ---- | C] () -- C:\Program Files\Readme.txt
[2002/07/24 12:23:53 | 00,823,296 | ---- | C] () -- C:\WINDOWS\System32\Nsppx.dll
[2002/07/24 12:23:52 | 00,811,520 | ---- | C] () -- C:\WINDOWS\System32\Nspp6.dll
[2002/07/24 12:23:51 | 00,829,952 | ---- | C] () -- C:\WINDOWS\System32\Nspp5.dll
[2002/07/24 12:23:50 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\Nspp4.dll
[2002/07/24 12:23:49 | 00,847,872 | ---- | C] () -- C:\WINDOWS\System32\Nspm5.dll
[2002/07/24 12:23:49 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\Nsp.dll
[2002/07/24 12:23:48 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\Cpuid32.dll
[2002/07/24 05:08:54 | 00,059,124 | ---- | C] () -- C:\Program Files\router.dxr
[2002/07/15 08:27:32 | 00,180,616 | ---- | C] () -- C:\Program Files\router_translation.cst
[2002/01/04 22:26:36 | 00,005,833 | ---- | C] () -- C:\Program Files\License.txt

========== LOP Check ==========

[2010/01/23 09:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/10/24 10:37:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2007/10/24 10:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
[2010/01/23 09:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/20 00:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/01/23 07:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\BitTorrent
[2010/01/17 18:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\Leadertech
[2010/01/07 21:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\LimeWire
[2007/01/15 11:00:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\OfficeUpdate12
[2007/10/24 07:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\liouelletgaston\Application Data\SMART Technologies Inc

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#10
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
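The MVPS HOSTS recommendation in the post above works by mapping known ad and malware domains to the local machine so they can never be reached. The same file read in reverse is one thing worth checking on a machine with the search-redirect symptom this thread opened with: an entry that maps a legitimate site to an outside address sends the browser there before DNS is ever consulted. The script below is an added example written for this page; it is not part of the thread, of OTL, or of the MVPS list. It parses a constructed sample in the HOSTS format and separates harmless sinkhole entries (127.0.0.1, 0.0.0.0, ::1) from entries that redirect a name elsewhere. The sample text, its domain names and the 198.51.100.23 address (an RFC 5737 documentation address) are all constructed for the example.

```python
import ipaddress

# Constructed sample HOSTS file (not taken from the log above): the stock
# Windows header comment, two block-list style entries, and one entry that
# sends a real site to an outside address. 198.51.100.23 is an RFC 5737
# documentation address used here purely as a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
0.0.0.0         ad.example.net
127.0.0.1       tracker.example.org   # block-list style entry
198.51.100.23   www.google.com
"""

# Addresses that make a name unreachable rather than sending it elsewhere.
SINKHOLE_ADDRESSES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs from HOSTS-file text.

    Everything after '#' is a comment; blank lines and lines whose first
    field is not an IP address are skipped; one line may list several names.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: first field is not an address
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def classify_hosts(text):
    """Sort HOSTS entries into 'local', 'sinkhole' and 'redirect' buckets.

    local    - 'localhost' mapped to a loopback address (expected)
    sinkhole - any other name mapped to 127.0.0.1 / 0.0.0.0 / ::1, which is
               what a block list such as the MVPS file installs (harmless)
    redirect - a name mapped to any other address; this is the shape a
               HOSTS hijack takes, so every such line deserves a look
    """
    result = {"local": [], "sinkhole": [], "redirect": []}
    for ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            result["local"].append((str(ip), name))
        elif ip in SINKHOLE_ADDRESSES:
            result["sinkhole"].append((str(ip), name))
        else:
            result["redirect"].append((str(ip), name))
    return result


if __name__ == "__main__":
    report = classify_hosts(SAMPLE_HOSTS)
    for bucket, rows in report.items():
        print(f"{bucket}: {len(rows)} entries")
        for ip, name in rows:
            print(f"  {ip:<16} {name}")
```

To run it against a real system, replace SAMPLE_HOSTS with the contents of the file the OTL log lists under C:\WINDOWS\System32\drivers\etc\Hosts (read it with open() and pass the text to classify_hosts). A large "sinkhole" bucket after installing the MVPS file is the expected result; anything in "redirect" should be compared against what you deliberately put there.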

#11
rgas999
    Member
  • Topic Starter
  • Member
  • 11 posts
Again,


Thank you for all of your assistance. I have read your suggestions and made some changes in my setup and Internet practices.

This issue is closed.

Cheers

#12
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.