
Popup window redirected to online scan [Closed]


  • This topic is locked

#1
matt21

    New Member

  • 5 posts
Hi, a couple of days ago I downloaded an mp3 file that may have contained a virus, as when I downloaded the mp3 file my security software detected a virus and disinfected the file, but a popup window came up displaying a message that my computer was infected (I don't exactly remember what the message said), so I clicked on the x in the corner to close the popup and I was then automatically redirected to an online site that started doing a scan. I closed that window very quickly and ran a complete scan with Norton AntiVirus 2010, which didn't detect anything. I have also run the Malwarebytes scan, which didn't detect anything, and TFC, which did clean 65MB. I was unable to run GMER as it is not compatible with Windows 7. I have not had any problems since I received the popup, but I just want to be sure nothing is hiding. Below are both OTL logs, thanks.

Matt


OTL logfile created on: 17/02/2010 12:34:36 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\All\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.14 Gb Total Space | 166.51 Gb Free Space | 77.04% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 7.60 Gb Free Space | 98.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALL-PC
Current User Name: All
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/17 00:31:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\All\Downloads\OTL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/12/09 01:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/16 16:06:32 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2009/09/03 15:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2009/07/28 21:12:56 | 007,625,248 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/01 13:51:52 | 001,468,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/06/01 13:51:52 | 000,448,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/10 03:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008/09/10 03:11:09 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2008/08/14 10:40:44 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/08/14 10:40:36 | 001,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/04/24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe


========== Modules (SafeList) ==========

MOD - [2010/02/17 00:31:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\All\Downloads\OTL.exe
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 17:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/08 14:49:37 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/09 01:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe -- (NAV)
SRV - [2009/10/16 16:06:32 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2009/10/16 15:53:44 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/10 19:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 80 0B 80 A5 8D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\ [2010/02/13 17:34:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.133.100 75.154.133.68
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 18:37:08 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/17 00:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/17 00:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/17 00:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/17 00:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/17 00:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/02/17 00:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/17 00:11:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/16 23:49:55 | 000,000,000 | ---D | C] -- C:\Users\All\AppData\Roaming\Malwarebytes
[2010/02/16 23:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/13 17:33:51 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/02/13 17:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/02/13 17:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/13 17:33:34 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1105000.07F\cchpx86.sys
[2010/02/13 17:33:34 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1105000.07F\symtdiv.sys
[2010/02/13 17:33:34 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1105000.07F\SymDS.sys
[2010/02/13 17:33:34 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1105000.07F\srtsp.sys
[2010/02/13 17:33:34 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1105000.07F\SymEFA.sys
[2010/02/13 17:33:34 | 000,116,272 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1105000.07F\Ironx86.sys
[2010/02/13 17:33:34 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1105000.07F\srtspx.sys
[2010/02/13 17:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/02/13 17:33:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/02/13 17:33:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1105000.07F
[2010/02/13 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/02/13 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/02/13 17:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/02/08 14:49:47 | 000,000,000 | ---D | C] -- C:\Users\All\AppData\Local\Google
[2010/02/08 14:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/02/02 23:03:23 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010/02/02 23:03:23 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010/02/02 23:03:23 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010/02/02 23:03:22 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010/02/02 23:03:22 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010/02/02 23:03:22 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010/02/02 23:03:22 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010/02/02 23:03:21 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010/02/02 23:03:21 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010/02/02 22:52:52 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2009/10/15 21:32:46 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoin.dll

========== Files - Modified Within 14 Days ==========

[2010/02/17 00:37:07 | 001,310,720 | -HS- | M] () -- C:\Users\All\ntuser.dat
[2010/02/17 00:23:52 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/17 00:22:59 | 000,947,106 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1105000.07F\Cat.DB
[2010/02/17 00:22:21 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/17 00:08:20 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/17 00:08:20 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/17 00:01:22 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/17 00:01:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/17 00:01:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/17 00:00:57 | 1407,586,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/16 23:59:49 | 004,577,937 | -H-- | M] () -- C:\Users\All\AppData\Local\IconCache.db
[2010/02/16 23:59:44 | 000,000,000 | ---- | M] () -- C:\Windows\NDSTray.INI
[2010/02/16 23:54:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/16 21:54:55 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/16 21:54:55 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/16 21:54:55 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/13 17:33:51 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/02/13 17:33:51 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/02/13 17:33:51 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/02/13 17:33:42 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/02/12 20:16:17 | 000,007,571 | ---- | M] () -- C:\Users\All\AppData\Local\Resmon.ResmonCfg
[2010/02/12 19:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\All\ntuser.dat{74322d06-1844-11df-b058-0024d2d09ea1}.TMContainer00000000000000000002.regtrans-ms
[2010/02/12 19:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\All\ntuser.dat{74322d06-1844-11df-b058-0024d2d09ea1}.TMContainer00000000000000000001.regtrans-ms
[2010/02/12 19:11:23 | 000,065,536 | -HS- | M] () -- C:\Users\All\ntuser.dat{74322d06-1844-11df-b058-0024d2d09ea1}.TM.blf
[2010/02/12 09:53:12 | 000,065,536 | -HS- | M] () -- C:\Users\All\ntuser.dat{4a094bc1-17fd-11df-b0c8-0024d2d09ea1}.TM.blf
[2010/02/12 09:53:11 | 000,524,288 | -HS- | M] () -- C:\Users\All\ntuser.dat{4a094bc1-17fd-11df-b0c8-0024d2d09ea1}.TMContainer00000000000000000002.regtrans-ms
[2010/02/12 09:53:11 | 000,524,288 | -HS- | M] () -- C:\Users\All\ntuser.dat{4a094bc1-17fd-11df-b0c8-0024d2d09ea1}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 01:28:20 | 000,065,536 | -HS- | M] () -- C:\Users\All\NTUSER.DAT{b592689e-14e7-11df-9ad5-001e33d60508}.TM.blf
[2010/02/09 01:28:19 | 000,524,288 | -HS- | M] () -- C:\Users\All\NTUSER.DAT{b592689e-14e7-11df-9ad5-001e33d60508}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 01:28:19 | 000,524,288 | -HS- | M] () -- C:\Users\All\NTUSER.DAT{b592689e-14e7-11df-9ad5-001e33d60508}.TMContainer00000000000000000001.regtrans-ms
[2010/02/08 14:51:01 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010/02/17 00:23:52 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/17 00:22:21 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/16 23:59:44 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/02/13 17:33:55 | 000,947,106 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\Cat.DB
[2010/02/13 17:33:51 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/02/13 17:33:51 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/02/13 17:33:42 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/02/13 17:33:25 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\SymEFA.inf
[2010/02/13 17:33:25 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\SymDS.inf
[2010/02/13 17:33:25 | 000,001,756 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\ccHPx86.inf
[2010/02/13 17:33:25 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\SymNetV.inf
[2010/02/13 17:33:25 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\SymNet.inf
[2010/02/13 17:33:25 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\srtspx.inf
[2010/02/13 17:33:25 | 000,001,382 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\srtsp.inf
[2010/02/13 17:33:25 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\Iron.inf
[2010/02/13 17:33:24 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\symnetv.cat
[2010/02/13 17:33:24 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\SymEFA.cat
[2010/02/13 17:33:24 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\srtspx.cat
[2010/02/13 17:33:24 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\srtsp.cat
[2010/02/13 17:33:24 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\iron.cat
[2010/02/13 17:33:24 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\SymDS.cat
[2010/02/13 17:33:24 | 000,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\cchpx86.cat
[2010/02/13 17:33:24 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\SymNet.cat
[2010/02/13 17:33:23 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1105000.07F\isolate.ini
[2010/02/12 19:11:23 | 000,524,288 | -HS- | C] () -- C:\Users\All\ntuser.dat{74322d06-1844-11df-b058-0024d2d09ea1}.TMContainer00000000000000000002.regtrans-ms
[2010/02/12 19:11:23 | 000,524,288 | -HS- | C] () -- C:\Users\All\ntuser.dat{74322d06-1844-11df-b058-0024d2d09ea1}.TMContainer00000000000000000001.regtrans-ms
[2010/02/12 19:11:23 | 000,065,536 | -HS- | C] () -- C:\Users\All\ntuser.dat{74322d06-1844-11df-b058-0024d2d09ea1}.TM.blf
[2010/02/12 09:48:56 | 000,524,288 | -HS- | C] () -- C:\Users\All\ntuser.dat{4a094bc1-17fd-11df-b0c8-0024d2d09ea1}.TMContainer00000000000000000002.regtrans-ms
[2010/02/12 09:48:56 | 000,524,288 | -HS- | C] () -- C:\Users\All\ntuser.dat{4a094bc1-17fd-11df-b0c8-0024d2d09ea1}.TMContainer00000000000000000001.regtrans-ms
[2010/02/12 09:48:56 | 000,065,536 | -HS- | C] () -- C:\Users\All\ntuser.dat{4a094bc1-17fd-11df-b0c8-0024d2d09ea1}.TM.blf
[2010/02/11 23:45:22 | 000,007,571 | ---- | C] () -- C:\Users\All\AppData\Local\Resmon.ResmonCfg
[2010/02/08 20:57:50 | 000,524,288 | -HS- | C] () -- C:\Users\All\NTUSER.DAT{b592689e-14e7-11df-9ad5-001e33d60508}.TMContainer00000000000000000002.regtrans-ms
[2010/02/08 20:57:50 | 000,524,288 | -HS- | C] () -- C:\Users\All\NTUSER.DAT{b592689e-14e7-11df-9ad5-001e33d60508}.TMContainer00000000000000000001.regtrans-ms
[2010/02/08 20:57:50 | 000,065,536 | -HS- | C] () -- C:\Users\All\NTUSER.DAT{b592689e-14e7-11df-9ad5-001e33d60508}.TM.blf
[2010/02/08 14:51:01 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/08 14:49:53 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/08 14:49:51 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/02 23:03:20 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2010/02/02 23:01:51 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010/02/02 23:01:51 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010/02/02 22:58:29 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010/02/02 22:57:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010/02/02 22:54:49 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2010/02/02 22:52:53 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010/02/02 22:50:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/01/12 16:14:59 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/01/07 20:32:36 | 000,000,064 | ---- | C] () -- C:\Windows\QBWCD.INI
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006/03/08 21:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/01/29 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\All\AppData\Roaming\CoffeeCup Software
[2010/02/12 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\All\AppData\Roaming\TELUS
[2010/01/04 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\All\AppData\Roaming\toshiba
[2010/01/04 18:13:24 | 000,000,000 | ---D | M] -- C:\Users\All\AppData\Roaming\WinBatch
[2009/07/13 20:53:46 | 000,022,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< End of report >


OTL Extras logfile created on: 17/02/2010 12:34:36 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\All\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.14 Gb Total Space | 166.51 Gb Free Space | 77.04% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 7.60 Gb Free Space | 98.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALL-PC
Current User Name: All
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{21329DB6-ACC2-48AC-BE6E-BDDBCEB667D7}" = My Kazaa Gold
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45259F03-5BE4-4FA8-B2EF-A799DEC9B444}" = PLiska Image Resizer
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{EA93D23C-5470-42AB-88B3-7CBF0D14E14D}" = RPS CRT
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"NAV" = Norton AntiVirus
"QuickBooks" = QuickBooks
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/02/2010 5:34:20 PM | Computer Name = All-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12/02/2010 11:43:48 PM | Computer Name = All-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Explorer' could not be shut down.

Error - 13/02/2010 7:16:55 PM | Computer Name = All-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 13/02/2010 10:08:57 PM | Computer Name = All-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Explorer' could not be shut down.

Error - 14/02/2010 12:58:48 AM | Computer Name = All-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 14/02/2010 1:24:16 AM | Computer Name = All-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 14/02/2010 5:29:48 PM | Computer Name = All-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 14/02/2010 8:39:24 PM | Computer Name = All-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 15/02/2010 7:30:50 PM | Computer Name = All-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 16/02/2010 1:07:31 PM | Computer Name = All-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Media Center Events ]
Error - 24/01/2010 8:24:38 PM | Computer Name = All-PC | Source = MCUpdate | ID = 0
Description = 4:24:37 PM - Error connecting to the internet. 4:24:38 PM - Unable
to contact server..

Error - 24/01/2010 8:24:50 PM | Computer Name = All-PC | Source = MCUpdate | ID = 0
Description = 4:24:43 PM - Error connecting to the internet. 4:24:43 PM - Unable
to contact server..

[ System Events ]
Error - 17/02/2010 3:20:49 AM | Computer Name = All-PC | Source = Service Control Manager | ID = 7034
Description = The AMD External Events Utility service terminated unexpectedly.
It has done this 1 time(s).

Error - 17/02/2010 3:32:55 AM | Computer Name = All-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 17/02/2010 3:32:55 AM | Computer Name = All-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/02/2010 3:33:04 AM | Computer Name = All-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService
service to connect.

Error - 17/02/2010 3:33:04 AM | Computer Name = All-PC | Source = Service Control Manager | ID = 7000
Description = The lxduCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 17/02/2010 4:01:03 AM | Computer Name = All-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 17/02/2010 4:01:03 AM | Computer Name = All-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17/02/2010 4:01:15 AM | Computer Name = All-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService
service to connect.

Error - 17/02/2010 4:01:15 AM | Computer Name = All-PC | Source = Service Control Manager | ID = 7000
Description = The lxduCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 17/02/2010 4:13:00 AM | Computer Name = All-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >
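The Shell Spawning section of the OTL Extras log above deserves a closer look than the thread gives it. Entries like exefile [open] -- "%1" %* are the registry handlers Windows consults every time a program is launched, and the "exefile" handler is one of the places a rogue "online scanner" infection of the kind described in the first post commonly hooks itself, so that its own binary runs before the program the user double-clicked. The script below is an added example, not code from the thread or from OTL: it parses those log lines and flags any open handler that does not match the Windows default. The sample log is copied from the post above; the hijacked entry (rogue-av.exe) is constructed for illustration and was not found on this machine.

```python
import re

# Default "open" command lines for the shell-spawning handlers OTL reports from
# HKLM\SOFTWARE\Classes\<key>\shell\open\command. A handler that points anywhere
# else routes every double-clicked .exe/.bat/.com/.pif through a foreign binary.
DEFAULT_OPEN_CMD = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# One OTL line:  <key> [<verb>] -- <command> (<company>)
SPAWN_RE = re.compile(r'^(?P<key>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$')
# OTL appends the file's company name in parentheses when it can read it.
COMPANY_RE = re.compile(r'\s*\([^()]*\)\s*$')

# Sample input: Shell Spawning lines copied from the OTL Extras log in the thread.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
"""

# Constructed example (not from the thread) of a hijacked exefile handler:
# the requested program only runs after the rogue binary has.
HIJACKED_CMD = r'"C:\ProgramData\rogue-av.exe" "%1" %*'
HIJACKED_LOG = SAMPLE_LOG.replace('exefile [open] -- "%1" %*',
                                  'exefile [open] -- ' + HIJACKED_CMD)


def parse_shell_spawning(log_text):
    """Return [(key, verb, command)] for every handler line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = SPAWN_RE.match(line.strip())
        if not m:
            continue
        cmd = COMPANY_RE.sub("", m.group("cmd")).strip()
        entries.append((m.group("key"), m.group("verb"), cmd))
    return entries


def find_hijacked(log_text):
    """Handlers whose 'open' command differs from the Windows default."""
    return [
        (key, verb, cmd)
        for key, verb, cmd in parse_shell_spawning(log_text)
        if verb == "open" and key in DEFAULT_OPEN_CMD and cmd != DEFAULT_OPEN_CMD[key]
    ]


if __name__ == "__main__":
    for key, verb, cmd in find_hijacked(HIJACKED_LOG):
        print(f"{key} [{verb}] is hijacked: {cmd}")
```

The log posted in this thread passes the check: every open handler is the stock "%1" %* form and the http/https/htmlfile handlers all point at the signed Internet Explorer binary. Note that the OTL scan was run with "Skip Microsoft Files: On", so a handler pointing at a renamed copy of a Microsoft-signed file would still need a manual look at the path.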



#2
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey matt21,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Before we proceed, here are some things that you can take note of so that the cleaning-up process will be smoother and more efficient. Do not worry, the points below are not any form of rules, they are just a few pointers that can ensure that you will get the best help from me. :)
  • To ensure that you are informed of the latest replies to your thread, you may like to right click on Options at the top right hand corner of this page and select "Subscribe to this forum". That way, you will be notified via email when a reply is posted to your thread.
  • If you have any doubts or uncertainty about any part of my instructions, feel free to post on here and ask me about them.
  • Please do NOT attempt to run any tools or do any fixing on your own unless I tell you to, this will avoid any confusion that can occur during the cleaning process. Furthermore, fixing malware problems without sufficient knowledge can be dangerous at times and you can mess up your own computer without knowing.
  • Please do not PM me for malware removal assistance; any request for malware removal assistance should be posted in this thread only. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Please do not start multiple topics (especially when you are already being assisted by a malware staff). All staff are volunteers on here, starting multiple topics will waste the limited resource of manpower we have here at GeekstoGo, and this can further hinder our ability to assist other users. Please be considerate and stick to one thread. If you have not received a single reply to your topic for 3 days or more, feel free to visit here and post a thread in the Waiting Room with a link to your original topic.
I'm looking at your log now and will be back with a fix soon. Thanks for your patience and understanding. :)

#3
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey matt21,

I don't see much in your logs, let's run some more tools. :)

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Norton AntiVirus 2010) as it/they may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue. Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Next reply (please include in your post):

ComboFix.txt

#4
matt21
    New Member
  • Topic Starter
  • Member
  • 5 posts
Hi Ltangelic, I was able to run the ComboFix program but during the scan I got the blue screen error and a message appeared that said there was a kernel error and Windows must shut down to prevent further damage. I don't know the exact message as it disappeared too quickly, but if it is okay I can run ComboFix again and give you the exact error message. I took a look for the ComboFix.txt log but I guess the scan wasn't long enough to record anything. In the C directory I did spot some new folders that I have never seen before; there are 3 new folders altogether. One of the folders is named 32788R22FWJFW and contains 1 file which is named cmd.cfxxe. The second new folder is named Qoobox which contains another 5 folders with 16 DAT files and 1 Windows Batch file. The third new folder is named ComboFix and when I double click to open the folder it shows my Computer directory (which shows my Hard Disk Drives & Devices with Removable Storage). I don't want to run ComboFix again until I get the ok from you, and if you could tell me if these new folders are part of ComboFix, which I think they are, that would be great. Thank you for taking your time to help me, I am very happy I found this forum as it is very helpful.

#5
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey matt21,

I believe the three folders are all part of ComboFix. Strange that ComboFix caused a BSOD; do try to catch the error message if this happens again in the future when running other tools.

Meanwhile, please do a system backup of all important data that you have before running ComboFix a second time. If a BSOD occurs again the second time, please tell me on here and we'll stop running ComboFix temporarily.

Please follow the instructions for running ComboFix carefully, thank you.

#6
matt21
    New Member
  • Topic Starter
  • Member
  • 5 posts
Hi Ltangelic, before seeing your new reply I decided to try to run MBR again as I was unable to when I first tried. I figured out that I was unable to run MBR before as I was not smart enough to disable Norton, so I tried again with Norton disabled and this time MBR worked, but once again it did not complete as I got another warning message and Windows was forced to shut down (same error message as before). This time I was able to read and remember the error message, which was KERNEL_DATA_INPAGE_ERROR; it is the same error message displayed before when I ran ComboFix. Should I still try running ComboFix a second time, as it seems it will cause the same error as before, especially seeing that MBR also causes the same problem? Maybe they are not compatible with Windows 7. Thanks for the quick reply and letting me know that those are ComboFix folders, I figured they were but wanted to be sure.

#7
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey matt21,

Dang, I missed the part about it being a Windows 7 OS. Unfortunately, many of the tools we have on here cannot run on a 64-bit system and it could mean that the cleaning process may not be that smooth.

Let's try running some other scanners and tools to see what we can find.

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Norton AntiVirus 2010) as it/they may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the insert icon to insert the attachment into your post
Next reply (please include in your post):

AVZ log

#8
matt21
    New Member
  • Topic Starter
  • Member
  • 5 posts
Hi Ltangelic, those scans ran okay as AVZ stopped responding a few times during both scans, at least no BSOD error :), sorry for the late reply.



Attached File  virusinfo_cure.zip   22bytes   201 downloads
Attached File  virusinfo_syscure.zip   30.85KB   123 downloads

#9
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey matt21,

AVZ didn't find anything suspicious, how is your computer running?

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (Norton AntiVirus) as it/they may hinder the tools from running. Instructions are in the link below:

http://www.bleepingc...opic114351.html

1) Run Dr WebCureIt

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then on Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the icon next to the files found.
  • If so, click it and then click the icon right below it and select Move incurable.
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

2) Run Kaspersky Webscanner

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 17.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Make sure the C:\Program Files\JAVA folder is removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")
THEN

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
3) Run OTS

To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under custom scans copy and paste the following
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %ProgramFiles%\Movie Maker\*.dll
    %ALLUSERSAPPDATA%\*.dll
    %SYSTEMROOT%\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dll
    %DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
    %systemroot%\system32\*.dll /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    c:\$recycle.bin\*.* /s
    CREATERESTOREPOINT
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the insert icon to insert the attachment into your post

Next reply (please include in your post):

OTS.txt
Dr WebCureIt scan log
Kaspersky scan log
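The MD5 sections in the first OTL log and the /md5start ... /md5stop list in the OTS custom scan above are the same check: each boot-critical driver or security DLL is hashed in System32, in the DriverStore and in winsxs, and the copies should agree, because a driver that has been patched on disk usually no longer matches its backup copies. The script below is an added example, not part of the thread or of OTL/OTS. It parses those sections, reports any file whose copies disagree, and recomputes hashes for live files the way the tools do. The sample log is copied from the first post; the mismatch entry (an all-zero hash for the System32\drivers copy of atapi.sys) is constructed for illustration and is not from this machine.

```python
import hashlib
import os
import re
import tempfile

# "< MD5 for: NAME >" opens a section; each entry ends with "MD5=<hash> -- <path>".
SECTION_RE = re.compile(r'^< MD5 for: (?P<name>\S+) >$')
ENTRY_RE = re.compile(r'MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$')

# Sample input: two sections copied from the OTL log posted earlier in the thread.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
"""

# Constructed variant (not from the thread): the live copy in System32\drivers
# has been altered, so its hash no longer matches the DriverStore/winsxs copies.
MISMATCH_LOG = SAMPLE_LOG.replace(
    r"MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys",
    r"MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\atapi.sys")


def parse_md5_sections(log_text):
    """Map each '< MD5 for: NAME >' section to its [(md5, path)] entries."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.search(line)
        if entry and current is not None:
            sections[current].append((entry.group("md5").upper(), entry.group("path")))
    return sections


def find_mismatches(sections):
    """Names whose on-disk copies do not all share one hash."""
    return sorted(name for name, entries in sections.items()
                  if len({md5 for md5, _ in entries}) > 1)


def hash_copies(paths, chunk=1 << 20):
    """Recompute MD5 for live files, streamed so large drivers are not read whole."""
    result = {}
    for path in paths:
        h = hashlib.md5()
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
        result[path] = h.hexdigest().upper()
    return result


def demo_live_check():
    """Three constructed 'copies' of a driver in a temp dir, one of them patched;
    returns how many distinct hashes the copies produce (2 when one is altered)."""
    with tempfile.TemporaryDirectory() as d:
        names = ("drivers_atapi.sys", "driverstore_atapi.sys", "winsxs_atapi.sys")
        paths = [os.path.join(d, n) for n in names]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"MZ" + b"\x00" * 1000)
        with open(paths[0], "r+b") as f:      # patch two bytes of the live copy
            f.seek(512)
            f.write(b"\xEB\xFE")
        return len(set(hash_copies(paths).values()))


if __name__ == "__main__":
    print("mismatched in sample log:", find_mismatches(parse_md5_sections(SAMPLE_LOG)))
    print("mismatched in constructed log:", find_mismatches(parse_md5_sections(MISMATCH_LOG)))
    print("distinct hashes in live demo:", demo_live_check())
```

Agreeing copies are necessary but not sufficient: if the backup copies were replaced as well, or the hook lives only in memory, this check passes. Compare the hash against a known-good value for that exact build where you can, and treat a mismatch that appears after a Windows Update (which legitimately replaces the System32 copy) as a lead to follow up, not a verdict.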

#10
matt21
    New Member
  • Topic Starter
  • Member
  • 5 posts
Hi Ltangelic, I got the Dr.Web CureIt scans complete but haven't had the time to complete the other 2 scans. I will try to get those done by tomorrow.

#11
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hi matt21,

No worries, take your time with the scans. Thank you for getting back to me. :)

#12
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hi matt21,

Are you still there?

#13
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.