Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32:syspatch [wrm]


  • Please log in to reply

#1
godkyle

godkyle

    Member

  • Member
  • PipPip
  • 10 posts
Thanks in advance for the assistance.
Start off, this is not my laptop, it's the girlfriends, so i dont know much of the fine details about it.
Avast found this worm, seen alot of attempts, but the only success to fix this I found was on your site. IF it works, i will for be a donor for sure (not a bribe, just respect the work haha)
From past resolved topic I saw on this I saw the OTlistit was run and posted, so i have done the same. (could be other things, but there are so many fix attempts it was hard to see all the useful ones)
Right now the machine runs only in safe mode. completely stuck when in regular, cant access toolbar, icons or use keyboard commands. But the mouse still works.
Not sure if each situation is unique, so if there is a general gernic fix for this now, you can post the link, again thanks.


OTL Extras logfile created on: 6/16/2010 12:30:01 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Heather Forsyth\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 413.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.28 Gb Total Space | 38.23 Gb Free Space | 59.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.95 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive E: | 7.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.91 Gb Total Space | 1.33 Gb Free Space | 69.73% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HEATHER
Current User Name: Heather Forsyth
Logged in as Administrator.

Cannot determine boot mode.
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Heather Forsyth\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Heather Forsyth\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}" = Logitech QuickCam
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59FD743D-A699-449E-8197-BD2899DAD69A}" = OverDrive Media Console
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast!" = avast! Antivirus
"Free Window Registry Repair" = Free Window Registry Repair
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"Logitech Print Service" = Logitech Print Service
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QcDrv" = Logitech® Camera Driver
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2010 9:29:18 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 40345188

Error - 6/15/2010 9:29:33 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2010 9:29:33 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 40360813

Error - 6/15/2010 9:30:36 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2010 9:30:36 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 40423547

Error - 6/15/2010 9:30:36 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 40423547

Error - 6/15/2010 9:33:13 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2010 9:33:13 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 40580563

Error - 6/15/2010 9:33:13 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 40580563

Error - 6/15/2010 9:33:29 PM | Computer Name = HEATHER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 6/15/2010 11:19:07 PM | Computer Name = HEATHER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/15/2010 11:20:28 PM | Computer Name = HEATHER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/15/2010 11:20:28 PM | Computer Name = HEATHER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/15/2010 11:23:17 PM | Computer Name = HEATHER | Source = DCOM | ID = 10010
Description = The server {0B365333-F00A-4598-924E-04C5AD497AD7} did not register
with DCOM within the required timeout.

Error - 6/15/2010 11:23:24 PM | Computer Name = HEATHER | Source = DCOM | ID = 10010
Description = The server {51DB6065-D98C-42E2-AE1A-2A84B87522EC} did not register
with DCOM within the required timeout.

Error - 6/15/2010 11:24:46 PM | Computer Name = HEATHER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/15/2010 11:24:46 PM | Computer Name = HEATHER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/15/2010 11:27:13 PM | Computer Name = HEATHER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/15/2010 11:27:13 PM | Computer Name = HEATHER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/16/2010 12:20:00 AM | Computer Name = HEATHER | Source = Schedule | ID = 7901
Description = The At25.job command failed to start due to the following error: %%2147942402


< End of report >



000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/07/30 18:24:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/15 23:41:04 | 000,404,365 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13983 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [A00FB12B470C.exe] C:\DOCUME~1\HEATHE~1\LOCALS~1\Temp\_A00FB12B470C.exe File not found
O4 - HKCU..\Run: [ajhpdcuo] c:\documents and settings\heather forsyth\local settings\application data\vurkkwm\tfbufg.exe File not found
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Heather Forsyth\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by123fd.bay12...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://walmart.pnime...upv2.0.0.10.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\System32\twext.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/29 19:10:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/16 00:29:27 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
[2010/06/15 23:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/06/15 22:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\DoctorWeb
[2010/06/14 22:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/14 22:57:22 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/14 22:57:20 | 000,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/14 22:57:18 | 000,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/14 22:57:16 | 000,094,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/06/14 22:57:15 | 000,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/14 22:57:15 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/14 22:57:14 | 000,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/14 22:57:14 | 000,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/14 22:56:46 | 001,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/14 22:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/12 18:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/12 15:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/12 15:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/12 15:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/12 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/12 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/11 21:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/10 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/10 22:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\vurkkwm
[2010/06/08 22:13:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\IECompatCache
[2010/06/08 22:12:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\PrivacIE
[2010/06/08 22:08:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\IETldCache
[2010/06/08 21:27:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/06/08 21:27:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/06/08 21:27:52 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/06/08 21:27:51 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/06/08 21:27:51 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/08 21:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/08 21:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/08 21:25:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/29 12:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/20 14:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2006/01/29 21:40:08 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
[2010/06/16 00:20:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/06/15 23:41:04 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/15 23:27:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/15 23:26:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/15 23:26:45 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 23:19:27 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Heather Forsyth\NTUSER.DAT
[2010/06/15 23:19:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Heather Forsyth\ntuser.ini
[2010/06/15 23:19:05 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\IconCache.db
[2010/06/15 22:23:24 | 044,363,048 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\launch.exe
[2010/06/15 21:51:32 | 000,577,536 | ---- | M] () -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/06/15 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/06/15 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/15 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/06/15 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/15 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/06/15 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/15 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/06/15 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/15 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/06/15 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/15 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/06/15 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/15 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/06/15 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/15 14:31:40 | 000,156,160 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/15 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/06/15 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/15 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/06/15 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/15 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/06/15 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/15 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/06/15 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/15 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/15 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/06/14 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/06/14 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/14 22:57:22 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/14 22:57:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/14 22:55:15 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100615-234104.backup
[2010/06/14 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/14 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/06/14 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/14 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/06/13 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/06/13 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/13 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/13 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/06/13 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/06/13 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/13 00:43:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/12 15:41:26 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 15:36:19 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 15:31:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 15:31:25 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/12 12:47:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/12 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/06/12 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/12 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/06/12 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/12 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/12 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/06/12 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/12 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/06/11 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/11 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/06/10 22:13:02 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\syssvc.exe
[2010/06/10 18:07:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 18:06:19 | 000,000,685 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 22:06:53 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 21:27:49 | 002,003,233 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/06/08 20:45:19 | 000,524,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 20:45:19 | 000,456,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 20:45:19 | 000,077,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 18:16:51 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100614-225515.backup
[2010/05/20 16:23:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/20 16:23:26 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/05/20 16:22:30 | 000,000,368 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/20 15:32:12 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-181651.backup
[2010/05/20 14:06:13 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-153212.backup
[2010/05/20 14:01:10 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-140613.backup
[2010/05/20 13:54:57 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Spybot - Search & Destroy.lnk
[2010/05/19 17:49:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 23:20:01 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/15 22:32:46 | 044,363,048 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\launch.exe
[2010/06/15 14:31:45 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/14 22:57:22 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/14 22:56:46 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/06/12 15:41:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 15:36:19 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 15:31:25 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 15:31:25 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/06/10 22:13:01 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\syssvc.exe
[2010/05/20 13:43:31 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Spybot - Search & Destroy.lnk
[2010/01/06 00:56:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009/11/07 00:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/05/02 18:25:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2007/05/02 18:25:55 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/02 18:25:28 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/23 20:06:00 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/23 11:20:27 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/09/04 19:37:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 02:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/29 21:40:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/01/29 21:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/01/29 20:59:57 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/01/29 20:59:57 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/01/29 20:59:07 | 000,000,368 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/29 20:58:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/29 20:58:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/29 20:58:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/29 20:58:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/29 20:58:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/29 20:58:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/29 20:53:08 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/01/29 20:53:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/01/29 20:53:08 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/01/29 20:53:08 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/01/29 20:52:21 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/29 19:42:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/29 19:15:55 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/29 17:55:21 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/29 17:55:13 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/01/29 17:55:13 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/01/29 17:55:13 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/01/29 17:55:13 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/01/29 17:55:13 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/09/02 18:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 01:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 21:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB0B938
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi godkyle :)

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

You did not post the full contents of OTL.txt , please reopen that file and post all of it, it should be located in the same location where you saved the OTL program.
  • 0

#3
godkyle

godkyle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Strange, i made sure to copy and paste both the OTL.txt and the Extras.txt, will try again.
Could that problem be due to the fact that the scan is being run in safe mode?
Or could it be something in the scan setup options? I used the default ones.




Reposting OTL.txt

OTL logfile created on: 6/16/2010 12:36:56 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Heather Forsyth\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 398.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.28 Gb Total Space | 38.23 Gb Free Space | 59.47% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.95 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive E: | 7.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.91 Gb Total Space | 1.33 Gb Free Space | 69.73% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HEATHER
Current User Name: Heather Forsyth
Logged in as Administrator.

Cannot determine boot mode.
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/07/23 10:25:45 | 000,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/07/19 10:38:04 | 000,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/02 01:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 01:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 01:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/02/07 20:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/23 10:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/07/19 10:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006/08/02 01:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/08/02 01:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/08/02 01:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/02/07 20:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2008/07/19 10:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/07/19 10:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/07/19 10:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/07/19 10:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/19 10:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/07/19 10:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/25 22:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/05/30 20:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/04 19:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/02 03:46:54 | 000,191,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/12 21:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/29 22:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 07:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 09:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/01 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/07 21:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/05/27 11:47:16 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/05/21 15:16:50 | 000,245,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL20.sys -- (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1)
DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 15:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/12 15:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/12 15:36:44 | 000,000,000 | ---D | M]

[2009/02/25 20:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Extensions
[2010/06/16 00:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Firefox\Profiles\ghkghytc.default\extensions
[2010/05/03 23:49:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Firefox\Profiles\ghkghytc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/25 20:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/30 18:24:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/07/30 18:24:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/07/30 18:24:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/07/30 18:24:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/15 23:41:04 | 000,404,365 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13983 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005..\Run: [A00FB12B470C.exe] C:\DOCUME~1\HEATHE~1\LOCALS~1\Temp\_A00FB12B470C.exe File not found
O4 - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005..\Run: [ajhpdcuo] c:\documents and settings\heather forsyth\local settings\application data\vurkkwm\tfbufg.exe File not found
O4 - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat File not found
O4 - Startup: C:\Documents and Settings\Heather Forsyth\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by123fd.bay12...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://walmart.pnime...upv2.0.0.10.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\System32\twext.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/29 19:10:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/16 00:29:27 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
[2010/06/15 23:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/06/15 22:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\DoctorWeb
[2010/06/14 22:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/14 22:57:22 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/14 22:57:20 | 000,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/14 22:57:18 | 000,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/14 22:57:16 | 000,094,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/06/14 22:57:15 | 000,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/14 22:57:15 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/14 22:57:14 | 000,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/14 22:57:14 | 000,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/14 22:56:46 | 001,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/14 22:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/12 18:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/12 15:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/12 15:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/12 15:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/12 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/12 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/11 21:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/10 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/10 22:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\vurkkwm
[2010/06/08 22:13:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\IECompatCache
[2010/06/08 22:12:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\PrivacIE
[2010/06/08 22:08:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\IETldCache
[2010/06/08 21:27:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/06/08 21:27:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/06/08 21:27:52 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/06/08 21:27:51 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/06/08 21:27:51 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/08 21:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/08 21:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/08 21:25:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/29 12:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/20 14:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2006/01/29 21:40:08 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
[2010/06/16 00:20:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/06/15 23:41:04 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/15 23:27:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/15 23:26:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/15 23:26:45 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 23:19:27 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Heather Forsyth\NTUSER.DAT
[2010/06/15 23:19:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Heather Forsyth\ntuser.ini
[2010/06/15 23:19:05 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\IconCache.db
[2010/06/15 22:23:24 | 044,363,048 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\launch.exe
[2010/06/15 21:51:32 | 000,577,536 | ---- | M] () -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/06/15 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/06/15 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/15 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/06/15 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/15 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/06/15 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/15 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/06/15 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/15 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/06/15 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/15 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/06/15 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/15 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/06/15 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/15 14:31:40 | 000,156,160 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/15 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/06/15 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/15 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/06/15 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/15 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/06/15 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/15 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/06/15 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/15 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/15 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/06/14 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/06/14 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/14 22:57:22 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/14 22:57:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/14 22:55:15 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100615-234104.backup
[2010/06/14 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/14 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/06/14 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/14 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/06/13 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/06/13 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/13 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/13 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/06/13 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/06/13 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/13 00:43:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/12 15:41:26 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 15:36:19 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 15:31:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 15:31:25 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/12 12:47:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/12 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/06/12 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/12 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/06/12 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/12 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/12 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/06/12 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/12 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/06/11 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/11 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/06/10 22:13:02 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\syssvc.exe
[2010/06/10 18:07:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 18:06:19 | 000,000,685 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 22:06:53 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 21:27:49 | 002,003,233 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/06/08 20:45:19 | 000,524,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 20:45:19 | 000,456,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 20:45:19 | 000,077,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 18:16:51 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100614-225515.backup
[2010/05/20 16:23:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/20 16:23:26 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/05/20 16:22:30 | 000,000,368 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/20 15:32:12 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-181651.backup
[2010/05/20 14:06:13 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-153212.backup
[2010/05/20 14:01:10 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-140613.backup
[2010/05/20 13:54:57 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Spybot - Search & Destroy.lnk
[2010/05/19 17:49:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 23:20:01 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/15 22:32:46 | 044,363,048 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\launch.exe
[2010/06/15 14:31:45 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/14 22:57:22 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/14 22:56:46 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/06/12 15:41:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 15:36:19 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 15:31:25 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 15:31:25 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/06/10 22:13:01 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\syssvc.exe
[2010/05/20 13:43:31 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Spybot - Search & Destroy.lnk
[2010/01/06 00:56:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009/11/07 00:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/05/02 18:25:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2007/05/02 18:25:55 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/02 18:25:28 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/23 20:06:00 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/23 11:20:27 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/09/04 19:37:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 02:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/29 21:40:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/01/29 21:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/01/29 20:59:57 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/01/29 20:59:57 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/01/29 20:59:07 | 000,000,368 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/29 20:58:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/29 20:58:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/29 20:58:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/29 20:58:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/29 20:58:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/29 20:58:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/29 20:53:08 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/01/29 20:53:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/01/29 20:53:08 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/01/29 20:53:08 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/01/29 20:52:21 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/29 19:42:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/29 19:15:55 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/29 17:55:21 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/29 17:55:13 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/01/29 17:55:13 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/01/29 17:55:13 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/01/29 17:55:13 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/01/29 17:55:13 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2005/09/02 18:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 01:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 21:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB0B938
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

#4
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005..\Run: [A00FB12B470C.exe] C:\DOCUME~1\HEATHE~1\LOCALS~1\Temp\_A00FB12B470C.exe File not found
    O4 - HKU\S-1-5-21-1396601724-1688103407-3371699126-1005..\Run: [ajhpdcuo] c:\documents and settings\heather forsyth\local settings\application data\vurkkwm\tfbufg.exe File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat File not found
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\System32\twext.exe File not found
    [2010/06/10 22:13:02 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\syssvc.exe
    
    :Files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

  • 0

#5
godkyle

godkyle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
run and done

OTL:

OTL logfile created on: 6/16/2010 4:38:44 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Heather Forsyth\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 370.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.28 Gb Total Space | 38.61 Gb Free Space | 60.07% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.95 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive E: | 7.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.91 Gb Total Space | 1.33 Gb Free Space | 69.73% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HEATHER
Current User Name: Heather Forsyth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
PRC - [2010/06/14 22:56:45 | 002,519,088 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/23 10:25:45 | 000,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/07/19 10:38:34 | 000,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/07/19 10:38:04 | 000,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/25 17:47:12 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2006/08/02 01:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 01:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 01:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 01:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 01:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/08/02 01:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/03/16 16:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/03/02 03:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 20:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 16:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/10/06 09:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/16 15:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/08/11 17:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 04:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/27 12:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/17 15:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2004/06/01 11:03:18 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2004/06/01 10:46:52 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/05/21 19:11:22 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/23 10:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/07/19 10:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006/08/02 01:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/08/02 01:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/08/02 01:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/02/07 20:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2008/07/19 10:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/07/19 10:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/07/19 10:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/07/19 10:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/19 10:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/07/19 10:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/25 22:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/05/30 20:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/04 19:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/02 03:46:54 | 000,191,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/12 21:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/29 22:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 07:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 09:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/01 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/07 21:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/05/27 11:47:16 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/05/21 15:16:50 | 000,245,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL20.sys -- (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1)
DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 15:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/12 15:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/12 15:36:44 | 000,000,000 | ---D | M]

[2009/02/25 20:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Extensions
[2010/06/16 00:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Firefox\Profiles\ghkghytc.default\extensions
[2010/05/03 23:49:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Firefox\Profiles\ghkghytc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/25 20:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/30 18:24:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/07/30 18:24:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/07/30 18:24:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/07/30 18:24:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/15 23:41:04 | 000,404,365 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13983 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Heather Forsyth\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by123fd.bay12...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://walmart.pnime...upv2.0.0.10.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/29 19:10:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/16 16:29:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/16 00:29:27 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
[2010/06/15 23:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/06/15 22:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\DoctorWeb
[2010/06/14 22:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/14 22:57:22 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/14 22:57:20 | 000,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/14 22:57:18 | 000,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/14 22:57:16 | 000,094,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/06/14 22:57:15 | 000,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/14 22:57:15 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/14 22:57:14 | 000,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/14 22:57:14 | 000,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/14 22:56:46 | 001,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/14 22:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/12 18:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/12 15:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/12 15:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/12 15:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/12 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/12 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/11 21:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/10 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/10 22:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\vurkkwm
[2010/06/08 22:13:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\IECompatCache
[2010/06/08 22:12:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\PrivacIE
[2010/06/08 22:08:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\IETldCache
[2010/06/08 21:27:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/06/08 21:27:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/06/08 21:27:52 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/06/08 21:27:51 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/06/08 21:27:51 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/08 21:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/08 21:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/08 21:25:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/29 12:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/20 14:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2006/01/29 21:40:08 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[2010/06/16 16:36:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/16 16:35:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/16 16:35:49 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/16 16:34:52 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Heather Forsyth\NTUSER.DAT
[2010/06/16 16:34:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Heather Forsyth\ntuser.ini
[2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
[2010/06/15 23:41:04 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/15 23:19:05 | 002,205,456 | -H-- | M] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\IconCache.db
[2010/06/15 22:23:24 | 044,363,048 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\launch.exe
[2010/06/15 21:51:32 | 000,577,536 | ---- | M] () -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/06/15 14:31:40 | 000,156,160 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/14 22:57:22 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/14 22:57:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/14 22:55:15 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100615-234104.backup
[2010/06/12 15:41:26 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 15:36:19 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 15:31:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 15:31:25 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/12 12:47:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/10 18:07:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 18:06:19 | 000,000,685 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 22:06:53 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 21:27:49 | 002,003,233 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/06/08 20:45:19 | 000,524,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 20:45:19 | 000,456,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 20:45:19 | 000,077,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 18:16:51 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100614-225515.backup
[2010/05/20 16:23:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/20 16:23:26 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2010/05/20 16:22:30 | 000,000,368 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/20 15:32:12 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-181651.backup
[2010/05/20 14:06:13 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-153212.backup
[2010/05/20 14:01:10 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-140613.backup
[2010/05/20 13:54:57 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Spybot - Search & Destroy.lnk
[2010/05/19 17:49:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2010/06/15 23:20:01 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/15 22:32:46 | 044,363,048 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\launch.exe
[2010/06/15 14:31:45 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/14 22:57:22 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/14 22:56:46 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/06/12 15:41:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 15:36:19 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 15:31:25 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 15:31:25 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/20 13:43:31 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Spybot - Search & Destroy.lnk
[2010/01/06 00:56:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009/11/07 00:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/05/02 18:25:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2007/05/02 18:25:55 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/02 18:25:28 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/23 20:06:00 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/23 11:20:27 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/09/04 19:37:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 02:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/29 21:40:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/01/29 21:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/01/29 20:59:57 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/01/29 20:59:57 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/01/29 20:59:07 | 000,000,368 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/29 20:58:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/29 20:58:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/29 20:58:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/29 20:58:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/29 20:58:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/29 20:58:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/29 20:53:08 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/01/29 20:53:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/01/29 20:53:08 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/01/29 20:53:08 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/01/29 20:52:21 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/29 19:42:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/29 19:15:55 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/29 17:55:21 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/02 18:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 01:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 21:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB0B938
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



Combofix:

ComboFix 10-06-15.04 - Heather Forsyth 06/16/2010 16:58:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.582 [GMT -4:00]
Running from: c:\documents and settings\Heather Forsyth\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 100616-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\cooper.mine
c:\windows\system32\RtP7yS2r.exe.a_a
c:\windows\system32\T74MpA05.exe.a_a
c:\windows\system32\twain_32
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\compbatt.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-16 20:29 . 2010-06-16 20:29 -------- d-----w- C:\_OTL
2010-06-16 03:48 . 2010-06-16 03:51 -------- d-----w- c:\program files\Free Window Registry Repair
2010-06-16 02:34 . 2010-06-16 02:34 -------- d-----w- c:\documents and settings\Heather Forsyth\DoctorWeb
2010-06-15 02:57 . 2008-07-19 14:33 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-15 02:57 . 2008-07-19 14:32 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-15 02:57 . 2008-07-19 14:32 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-15 02:57 . 2008-07-19 14:30 94392 ----a-w- c:\windows\system32\AvastSS.scr
2010-06-15 02:57 . 2008-07-19 14:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-15 02:57 . 2008-07-19 14:35 78416 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-15 02:57 . 2008-07-19 14:37 94416 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-15 02:57 . 2008-01-17 16:34 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-15 02:56 . 2008-07-19 14:43 1163960 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-15 02:56 . 2010-06-15 02:56 -------- d-----w- c:\program files\Alwil Software
2010-06-12 22:51 . 2010-06-12 22:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-12 19:40 . 2010-06-12 19:40 -------- d-----w- c:\program files\iPod
2010-06-12 19:39 . 2010-06-12 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-12 19:39 . 2010-06-12 19:41 -------- d-----w- c:\program files\iTunes
2010-06-12 19:35 . 2010-06-12 19:36 -------- d-----w- c:\program files\QuickTime
2010-06-12 19:31 . 2010-06-12 19:31 -------- d-----w- c:\program files\Bonjour
2010-06-12 19:29 . 2010-06-12 19:29 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-06-12 01:12 . 2010-06-12 01:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-12 01:11 . 2010-06-12 22:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-11 02:05 . 2010-06-16 01:57 -------- d-----w- c:\documents and settings\Heather Forsyth\Local Settings\Application Data\vurkkwm
2010-06-09 02:13 . 2010-06-09 02:13 -------- d-sh--w- c:\documents and settings\Heather Forsyth\IECompatCache
2010-06-09 02:12 . 2010-06-09 02:12 -------- d-sh--w- c:\documents and settings\Heather Forsyth\PrivacIE
2010-06-09 02:08 . 2010-06-09 02:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-09 02:08 . 2010-06-09 02:08 -------- d-sh--w- c:\documents and settings\Heather Forsyth\IETldCache
2010-06-09 01:27 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-09 01:27 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-09 01:27 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-09 01:27 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-09 01:27 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-09 01:27 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-09 01:27 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 01:27 . 2010-06-10 22:10 -------- d-----w- c:\windows\ie8updates
2010-06-09 01:27 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-09 01:25 . 2010-06-09 01:27 -------- dc-h--w- c:\windows\ie8
2010-05-29 16:47 . 2010-05-29 16:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-05-20 18:30 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-20 18:29 . 2001-08-17 18:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 21:04 . 2006-01-29 21:54 577536 ----a-w- c:\windows\system32\user32.dll
2010-06-15 03:21 . 2008-08-24 15:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-13 07:35 . 2007-12-25 17:41 -------- d-----w- c:\documents and settings\Heather Forsyth\Application Data\Apple Computer
2010-06-12 19:39 . 2007-12-25 17:38 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 18:23 . 2008-08-24 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-20 18:20 . 2008-08-24 15:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-20 18:06 . 2008-08-24 01:01 -------- d-----w- c:\program files\Hitman Pro
2010-05-20 18:04 . 2008-08-24 15:58 -------- d-----w- c:\documents and settings\Heather Forsyth\Application Data\Lavasoft
2010-05-06 10:41 . 2006-01-29 21:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56 . 2006-01-29 21:54 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-22 01:15 . 2007-12-25 17:39 -------- d-----w- c:\program files\Apple Software Update
2010-04-20 05:51 . 2006-01-29 21:54 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2007-09-17 22:36 . 2006-12-24 00:06 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
Infected c:\windows\system32\user32.dll hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Heather Forsyth\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Heather Forsyth\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Heather Forsyth\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"NDSTray.exe"="NDSTray.exe" [BU]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"TFncKy"="TFncKy.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-12-01 77892]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Heather Forsyth\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-5-2 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-29 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Heather Forsyth\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/14/2010 10:57 PM 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2010 10:57 PM 20560]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\HEATHE~1\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\HEATHE~1\LOCALS~1\Temp\aswArKrn.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\Heather Forsyth\Application Data\Mozilla\Firefox\Profiles\ghkghytc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 17:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-16 17:08:50
ComboFix-quarantined-files.txt 2010-06-16 21:08

Pre-Run: 41,319,907,328 bytes free
Post-Run: 41,294,082,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - D561AF7AB81CDD67F2725B8CBEBD49A4
  • 0

#6
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


Step 3

Please download JavaRa to your desktop and unzip it to it's own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Next

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


Things i would like to see in your reply:
  • Malwarebytes Results.
  • Kaspersky WebScanner Report
  • Update on how your computer is running

  • 0

#7
godkyle

godkyle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Currently running this on the troubled laptop. However a new problem has come up since last night, the darn thing has put a DNS oln your site, so i will be transfering the logs over, this will add a little time to the process, will post when done.
  • 0

#8
godkyle

godkyle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Bit of a problem, I have run TFC, malware and Java as instructed however, with everything closed (avast included) kapersky (or however it is spelt) will not run.

MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4211

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/17/2010 11:05:17 PM
mbam-log-2010-06-17 (23-05-17).txt

Scan type: Quick scan
Objects scanned: 134254
Time elapsed: 11 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#9
godkyle

godkyle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Should I reboot in safe mode to see if it will work?
  • 0

#10
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#11
godkyle

godkyle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Run, now able to access the ebsite from the troubled laptop again


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3c03e2ac924eed4790df5f0599a5dd0b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-18 07:31:04
# local_time=2010-06-18 03:31:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 97 0 212253638 0 0
# compatibility_mode=1793 16774142 0 4 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67178
# found=4
# cleaned=4
# scan_time=2580
C:\Documents and Settings\Heather Forsyth\Desktop\a.exe Win32/Spy.Zbot.BK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\cooper.mine.vir a variant of Win32/Kryptik.EYL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir.vir Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\compbatt.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
  • 0

#12
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

let me know how is your computer running.
  • 0

#13
godkyle

godkyle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
rebooted laptop, avast is no longer popping up with alerts.

OTL logfile created on: 6/18/2010 8:38:47 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Heather Forsyth\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 413.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.28 Gb Total Space | 37.99 Gb Free Space | 59.10% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.95 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HEATHER
Current User Name: Heather Forsyth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/19 10:38:34 | 000,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/25 17:47:12 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2006/08/02 01:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 01:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 01:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 01:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 01:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/08/02 01:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/03/16 16:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/03/02 03:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 20:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 16:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/10/06 09:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/16 15:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005/08/11 17:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 04:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/27 12:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/17 15:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2004/06/01 11:03:18 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2004/06/01 10:46:52 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/05/21 19:11:22 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/10 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/23 10:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/07/19 10:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/07/19 10:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/07/19 10:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006/08/02 01:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/08/02 01:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/08/02 01:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/02/07 20:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2008/07/19 10:37:42 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/07/19 10:37:21 | 000,094,416 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/07/19 10:35:18 | 000,078,416 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/07/19 10:33:42 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/19 10:32:36 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/07/19 10:32:15 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/25 22:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/05/30 20:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/04 19:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/02 03:46:54 | 000,191,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/12 21:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/29 22:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 07:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 09:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/01 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/07 21:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/05/27 11:47:16 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/05/21 15:16:50 | 000,245,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL20.sys -- (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1)
DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 15:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/12 15:36:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/17 23:10:20 | 000,000,000 | ---D | M]

[2009/02/25 20:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Extensions
[2010/06/18 01:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Firefox\Profiles\ghkghytc.default\extensions
[2010/05/03 23:49:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Heather Forsyth\Application Data\Mozilla\Firefox\Profiles\ghkghytc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/18 01:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/17 23:10:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/17 23:09:57 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/30 18:24:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/07/30 18:24:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/07/30 18:24:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/07/30 18:24:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/16 17:06:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [IERESETATTRIB] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Installing-ie8] C:\Documents and Settings\Heather Forsyth\Local Settings\temp\IE8-WindowsXP-x86-ENU[1].exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Heather Forsyth\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by123fd.bay12...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.shockwave...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://walmart.pnime...upv2.0.0.10.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/29 19:10:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/18 14:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/17 23:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/17 23:06:10 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Heather Forsyth\Desktop\JavaRa.exe
[2010/06/17 22:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\Application Data\Malwarebytes
[2010/06/17 22:44:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/17 22:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/17 22:44:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/17 22:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/17 22:39:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/17 22:38:12 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\TFC.exe
[2010/06/17 22:38:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Heather Forsyth\Desktop\mbam-setup-1.46.exe
[2010/06/16 16:51:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/16 16:48:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/16 16:48:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/16 16:48:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/16 16:48:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/16 16:48:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/16 16:48:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/16 16:29:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/16 00:29:27 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
[2010/06/15 23:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/06/15 22:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\DoctorWeb
[2010/06/14 22:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/14 22:57:22 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/14 22:57:20 | 000,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/14 22:57:18 | 000,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/14 22:57:16 | 000,094,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/06/14 22:57:15 | 000,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/14 22:57:15 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/14 22:57:14 | 000,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/14 22:57:14 | 000,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/14 22:56:46 | 001,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/14 22:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/12 18:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/12 15:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/12 15:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/12 15:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/12 15:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/12 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/11 21:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/10 22:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/10 22:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\vurkkwm
[2010/06/08 22:13:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\IECompatCache
[2010/06/08 22:12:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\PrivacIE
[2010/06/08 22:08:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Heather Forsyth\IETldCache
[2010/06/08 21:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/08 21:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/08 21:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2010/05/29 12:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/20 14:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2006/01/29 21:40:08 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[36 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/18 16:27:43 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Heather Forsyth\NTUSER.DAT
[2010/06/18 01:10:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/18 01:09:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/18 01:09:34 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/18 01:05:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Heather Forsyth\ntuser.ini
[2010/06/18 01:05:19 | 004,320,120 | -H-- | M] () -- C:\Documents and Settings\Heather Forsyth\Local Settings\Application Data\IconCache.db
[2010/06/17 22:44:50 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/17 22:34:20 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\JavaRa.zip
[2010/06/17 22:34:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Heather Forsyth\Desktop\mbam-setup-1.46.exe
[2010/06/17 22:33:08 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\TFC.exe
[2010/06/16 17:06:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/16 17:06:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/16 16:52:04 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/06/16 16:42:12 | 003,712,734 | R--- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\ComboFix.exe
[2010/06/16 00:29:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather Forsyth\Desktop\OTL.com
[2010/06/15 22:23:24 | 044,363,048 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\launch.exe
[2010/06/14 22:57:22 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/14 22:57:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/14 22:55:15 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100615-234104.backup
[2010/06/12 15:41:26 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 15:36:19 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 15:31:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 15:31:25 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/12 12:47:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/10 18:07:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 18:06:19 | 000,000,685 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 22:06:53 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 21:27:49 | 002,003,233 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/06/08 20:45:19 | 000,524,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 20:45:19 | 000,456,950 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 20:45:19 | 000,077,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 18:16:51 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100614-225515.backup
[2010/05/20 16:23:26 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/05/20 16:22:30 | 000,000,368 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/20 15:32:12 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-181651.backup
[2010/05/20 14:06:13 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-153212.backup
[2010/05/20 14:01:10 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-140613.backup
[2010/05/20 13:54:57 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Spybot - Search & Destroy.lnk
[2010/05/19 17:49:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/15 14:26:40 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Microsoft Word.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[36 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/17 23:06:10 | 000,245,103 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\JavaRa.def
[2010/06/17 22:44:50 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/17 22:38:11 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\JavaRa.zip
[2010/06/16 16:52:03 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/06/16 16:51:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/16 16:48:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/16 16:48:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/16 16:48:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/16 16:48:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/16 16:48:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/16 16:47:26 | 003,712,734 | R--- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\ComboFix.exe
[2010/06/15 23:20:01 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/15 22:32:46 | 044,363,048 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\launch.exe
[2010/06/14 22:57:22 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010/06/14 22:56:46 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/06/12 15:41:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/12 15:36:19 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/12 15:31:25 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/12 15:31:25 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/05/20 13:43:31 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Heather Forsyth\Desktop\Spybot - Search & Destroy.lnk
[2010/04/21 21:13:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/06 00:56:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009/11/07 00:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/05/02 18:25:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2007/05/02 18:25:55 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/02 18:25:28 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/23 20:06:00 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/23 11:20:27 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/09/04 19:37:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 02:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/29 21:40:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/01/29 21:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/01/29 20:59:57 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/01/29 20:59:57 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/01/29 20:59:07 | 000,000,368 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/29 20:58:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/01/29 20:58:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/01/29 20:58:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/01/29 20:58:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/01/29 20:58:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/01/29 20:58:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/01/29 20:53:08 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/01/29 20:53:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/01/29 20:53:08 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/01/29 20:53:08 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/01/29 20:52:21 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/29 19:42:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/29 19:15:55 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/29 17:55:21 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/02 18:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 01:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 21:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2006/12/23 20:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2010/01/06 00:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/09/17 20:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/08/23 21:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2010/06/14 23:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/12 15:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/13 12:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\Dropbox
[2007/05/02 18:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\FotoWire
[2006/12/26 15:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\InterVideo
[2007/10/26 20:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\Opera
[2008/07/08 21:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\OverDrive
[2006/01/29 20:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather Forsyth\Application Data\toshiba

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB0B938
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

#14
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations your logs appear clean :)

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Posted Image

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep Your windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Thank you :)
  • 0

#15
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations your logs appear clean :)

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Posted Image

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep Your windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Thank you :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP