Goored [Solved]


This topic is locked

#1 kleinstadt (New Member, 5 posts)
I can't quite tell if Goored keeps reinstalling itself with every boot or if it's gone. I don't understand the difference between the scan and the log below.

I disabled the Java plug-in, so it no longer works if it's on my machine, but I'd like to totally get rid of it if I could. Thanks!

GooredFix by jpshortstuff (08.01.10.1)
Log created at 17:54 on 24/06/2010 [username]
Firefox version 3.6.4 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[email protected] [22:34 24/06/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:25 24/06/2010]

C:\Documents and Settings\[username]\Application Data\Mozilla\Firefox\Profiles\z3n4mmpc.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

---------- Old Logs ----------
GooredFix[00.24.49_24-06-2010].txt
GooredFix[04.59.45_24-06-2010].txt
GooredFix[05.25.48_24-06-2010].txt
GooredFix[12.10.40_23-06-2010].txt
GooredFix[22.20.24_24-06-2010].txt
GooredFix[22.21.05_24-06-2010].txt
GooredFix[22.21.20_24-06-2010].txt
GooredFix[22.22.48_24-06-2010].txt
GooredFix[22.32.08_24-06-2010].txt

-=E.O.F=-
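The two sections in that log answer different questions: GooredScan lists what GooredFix identified as Goored (here nothing), while GooredLog is an inventory of the three places Firefox loads extensions from (the program-wide extensions folder, the profile's extensions folder and the HKLM Extensions registry key). The practical check for "does it come back after a reboot" is to compare two of those inventories. Added example, not GooredFix's own code: a Python parser for the GooredLog format shown above and a diff between two snapshots. The snapshot text is constructed from the layout of the log above; the `{00000000-...}` folder is a placeholder standing in for a removed add-on, the `{972ce4c6-...}` entry is Firefox's bundled default theme, and the function names are my own.

```python
"""Added example (not GooredFix's own code): parse the GooredLog section of a
GooredFix log and diff two snapshots, to see whether an extension entry came
back between runs."""
import re

# GooredFix prints each entry as "name [HH:MM DD/MM/YYYY]"
ENTRY_RE = re.compile(r"^(?P<name>.+?) \[(?P<stamp>\d\d:\d\d \d\d/\d\d/\d{4})\]$")

# The three load points GooredFix inventories, as the log above names them
PF_DIR = "C:\\Program Files\\Mozilla Firefox\\extensions\\"
PROFILE_DIR = ("C:\\Documents and Settings\\[username]\\Application Data\\Mozilla"
               "\\Firefox\\Profiles\\z3n4mmpc.default\\extensions\\")
REG_KEY = "[HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\Extensions]"
DEFAULT_THEME = "{972ce4c6-7e08-4474-a285-3208198ce6fd}"  # Firefox's bundled default theme
PLACEHOLDER = "{00000000-0000-0000-0000-000000000000}"    # constructed stand-in for a removed add-on

# Snapshot constructed from the layout of the log above (current run)
SNAPSHOT_NOW = f"""\
GooredFix by jpshortstuff (08.01.10.1)

========== GooredScan ==========

(none)

========== GooredLog ==========

{PF_DIR}
{DEFAULT_THEME} [22:25 24/06/2010]

{PROFILE_DIR}
(none)

{REG_KEY}
(Key not found)

---------- Old Logs ----------
GooredFix[22.32.08_24-06-2010].txt

-=E.O.F=-
"""

# Constructed earlier snapshot: same layout plus one extra folder in Program Files
SNAPSHOT_EARLIER = SNAPSHOT_NOW.replace(
    f"{DEFAULT_THEME} [22:25 24/06/2010]",
    f"{DEFAULT_THEME} [22:25 24/06/2010]\n{PLACEHOLDER} [22:10 24/06/2010]")


def parse_goored_log(text):
    """Return {location: {entry_name: timestamp}} for the GooredLog section only.

    A location is a directory (line ending in a backslash) or a registry key
    (line wrapped in [HKEY...]); "(none)" / "(Key not found)" leave it empty."""
    inventory, current, in_log = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):           # section header
            in_log = "GooredLog" in line
            current = None
            continue
        if line.startswith("----------") or line == "-=E.O.F=-":
            in_log = False                           # Old Logs list / end of file
            continue
        if not in_log or not line:
            continue
        if line.endswith("\\") or (line.startswith("[HKEY") and line.endswith("]")):
            current = line                           # new location header
            inventory[current] = {}
            continue
        if current is None or line in ("(none)", "(Key not found)"):
            continue
        m = ENTRY_RE.match(line)
        name, stamp = (m.group("name"), m.group("stamp")) if m else (line, None)
        inventory[current][name] = stamp
    return inventory


def diff_inventories(before, after):
    """Return (added, removed) as lists of (location, entry_name)."""
    added, removed = [], []
    for loc in sorted(set(before) | set(after)):
        b, a = before.get(loc, {}), after.get(loc, {})
        added += [(loc, n) for n in a if n not in b]
        removed += [(loc, n) for n in b if n not in a]
    return added, removed


if __name__ == "__main__":
    added, removed = diff_inventories(parse_goored_log(SNAPSHOT_EARLIER),
                                      parse_goored_log(SNAPSHOT_NOW))
    print("added:", added)      # nothing came back between the two runs
    print("removed:", removed)  # the placeholder folder is gone
```

Point it at two of the saved logs (the Old Logs list above names nine of them) instead of the constructed snapshots; an entry that shows up under `added` after a reboot is the one to look at, and an inventory that stays identical across reboots is what "gone" looks like.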

#2 Onaipian (Notepad warrior, Retired Staff, 2,130 posts)
Hello, and Welcome to GeekstoGo. :)
That log shows that no active Goored infection was found. Are you experiencing search redirects?

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

  • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

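Reading the OTL report that scan produces is mostly a matter of knowing which lines deserve a second look: OTL prints the file's company name from its version information in parentheses, so an empty `()` means the file carries none, and it prints "File not found", "No CLSID value found" or "Reg Error" when a registry entry points at something that is no longer there. Added example, not part of OTL or of this reply: a small triage pass over OTL output lines that flags those cases, plus drivers with no company name that were modified shortly before the scan. The sample lines are copied from the OTL log posted later in this thread; the function names and the 30-day window are my own choices. A flag is a prompt to check the file, not a verdict (the `()` on winampa.exe, for instance, only says that file has no company name in its version info).

```python
"""Added example (not OTL's own code): flag OTL report lines worth a second look."""
import re
from datetime import date

# OTL prints "[YYYY/MM/DD HH:MM:SS | size | attrs | M]" before a file's company name
STAMP_RE = re.compile(r"\[(\d{4})/(\d\d)/(\d\d) \d\d:\d\d:\d\d \|")
# An empty "()" where OTL would print the company name from the file's version info
NO_COMPANY_RE = re.compile(r"\(\)(?:\s|$)")
# Strings OTL uses when a registry entry's target is gone
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

SCAN_DAY = date(2010, 6, 24)  # date of the OTL run in this thread

# Lines copied from the OTL log posted later in this thread
SAMPLE_LINES = [
    r"DRV - [2010/06/21 19:51:48 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tfxhxa.sys -- (bemc)",
    r"O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()",
    r"O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)",
    r"O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)",
    r"O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.",
    r'O33 - MountPoints2\{b262bc90-7c52-11dc-ab72-00132092172d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found',
]


def triage_line(line, scan_day=SCAN_DAY, recent_days=30):
    """Return the reasons (possibly none) this OTL line deserves a look."""
    reasons = []
    if NO_COMPANY_RE.search(line):
        reasons.append("no company name")
        m = STAMP_RE.search(line)              # only PRC/MOD/SRV/DRV lines carry a stamp
        if m:
            age = (scan_day - date(*map(int, m.groups()))).days
            if 0 <= age <= recent_days:
                reasons.append(f"modified {age} days before the scan")
    if any(marker in line for marker in ORPHAN_MARKERS):
        reasons.append("orphaned entry: target missing")
    return tuple(reasons)


def triage(lines, scan_day=SCAN_DAY, recent_days=30):
    """Return [(line, reasons)] for every line that raised at least one reason."""
    out = []
    for line in lines:
        reasons = triage_line(line, scan_day, recent_days)
        if reasons:
            out.append((line, reasons))
    return out


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES):
        print("; ".join(reasons), "<-", line[:72])
```

Feed it the whole OTL.Txt instead of the sample list and the output is a short list to work through by hand: for an unattributed driver, look at the file's properties and hash; for an orphaned entry, the leftover registry key is usually just cleanup from an old uninstall.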

#3 kleinstadt (New Member, Topic Starter, 5 posts)
No redirects anymore. I just don't understand what the "Goored log" part is. I think it might be the suspected locations where Goored hides, but I didn't come up with that until after my post.

Thanks for your help. You guys are pretty unreal, especially for doing all this work for just a pat on the back.

#4 Onaipian (Notepad warrior, Retired Staff, 2,130 posts)
You got it, for the most part, spot on. :)
If you would like to do the OTL Scan, I'll take a look to make sure everything is good.

And... Thanks / You're welcome :)

#5 kleinstadt (New Member, Topic Starter, 5 posts)
Well, since you're offering, OTL scan to come later tonight.

#6 Onaipian (Notepad warrior, Retired Staff, 2,130 posts)
Cool. :) It's bedtime for me though, so I'll check it tomorrow.

#7 kleinstadt (New Member, Topic Starter, 5 posts)
OTL logfile created on: 6/24/2010 10:54:16 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\[username]\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 476.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 101.09 Gb Free Space | 70.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWLDELL
Current User Name: [username]
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/24 22:48:30 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[username]\Desktop\OTL.exe
PRC - [2010/06/07 12:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/04/10 12:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/30 10:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/09/15 03:52:53 | 000,393,216 | ---- | M] (2Wire, Inc.) -- C:\Program Files\2Wire\2PortalMon.exe


========== Modules (SafeList) ==========

MOD - [2010/06/24 22:48:30 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[username]\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2002/12/17 20:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - [2010/06/24 17:41:22 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/21 19:51:48 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tfxhxa.sys -- (bemc)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/06/19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/10/06 11:48:18 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/10/01 16:49:42 | 000,010,624 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2007/10/01 16:49:33 | 000,027,008 | ---- | M] (F5 Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\urvpndrv.sys -- (urvpndrv)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/08/17 07:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/09/15 03:42:18 | 000,170,496 | R--- | M] (2wire) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wltwo48b.sys -- (wltwo48b)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://shccwebporta...auth/login.aspx
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://yahoo.sbc.com/dsl"
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 00:09:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 00:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/06/23 19:29:01 | 000,000,000 | ---D | M]

[2008/09/08 18:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\Mozilla\Extensions
[2010/06/24 17:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\Mozilla\Firefox\Profiles\z3n4mmpc.default\extensions
[2007/07/02 16:34:42 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\[username]\Application Data\Mozilla\Firefox\Profiles\z3n4mmpc.default\searchplugins\siteadvisor.xml
[2009/04/21 23:00:44 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\[username]\Application Data\Mozilla\Firefox\Profiles\z3n4mmpc.default\searchplugins\winamp-search.xml
[2010/06/24 17:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 17:34:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]

O1 HOSTS File: ([2009/08/11 23:49:56 | 000,010,128 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost #***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 0websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 barteros.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best-targeted-traffic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bins.elitemediagroup.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 brazauskas.info # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 burnsrecyclinginc.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 centralgate.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 clickfast.biz # ***Inserted By STOPzilla***
O1 - Hosts: 134 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: emdat.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: mytranscriptions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: emdat.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: emdat.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: luhs.org ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: mytranscriptions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mytranscriptions.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: shccwebportal ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://firepass.luh...,2007,1001,2147 (F5 Networks VPN Manager)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\[weird permutation of username]\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://firepass.luh...,2007,1001,2136 (F5 Networks SSLTunnel)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1131903731671 (MUWebControl Class)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} http://us-download.m...ted/mvt/mvt.cab (McAfee Virtual Technician Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} http://gecentricityw...l/amiviewer.cab (AMI Pictorial Control CWeb 2.1 SPa06)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_13)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://firepass.luh...,2007,1001,2141 (F5 Networks SuperHost Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://firepass.luh...,2007,1001,2140 (F5 Networks Host Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://icare.cdh.or...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file://D:\CDVIEWER\CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\[username]\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\[username]\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{b262bc90-7c52-11dc-ab72-00132092172d}\Shell - "" = AutoRun
O33 - MountPoints2\{b262bc90-7c52-11dc-ab72-00132092172d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b262bc90-7c52-11dc-ab72-00132092172d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/24 22:48:29 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\[username]\Desktop\OTL.exe
[2010/06/24 00:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/23 19:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/06/23 19:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/06/23 19:27:58 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/06/23 07:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/23 07:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/06/23 07:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[username]\Desktop\GooredFix Backups
[2010/06/22 22:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[username]\My Documents\Anti-viral programs
[2010/06/22 18:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[username]\Application Data\SUPERAntiSpyware.com
[2010/06/22 18:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/22 18:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/21 17:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[username]\Application Data\Malwarebytes
[2010/06/21 17:50:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/21 17:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/21 17:50:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/21 17:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/20 07:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/26 19:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/04 21:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[username]\My Documents\n558419862_4238
[2010/04/20 22:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\[username]\Desktop\beerhunter
[2010/04/05 08:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 08:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/05 07:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/24 22:49:09 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\[username]\NTUSER.DAT
[2010/06/24 22:48:30 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\[username]\Desktop\OTL.exe
[2010/06/24 22:34:20 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\[username]\My Documents\VOUCHER ROOM.doc
[2010/06/24 17:46:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/24 17:45:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/06/24 17:44:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/24 17:44:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/24 17:44:40 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/24 17:43:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\[username]\ntuser.ini
[2010/06/24 17:43:18 | 006,955,890 | -H-- | M] () -- C:\Documents and Settings\[username]\Local Settings\Application Data\IconCache.db
[2010/06/24 17:41:22 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/06/24 17:41:20 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/06/24 17:41:20 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/24 00:40:50 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/24 00:09:22 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\[username]\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/24 00:09:22 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/23 23:58:40 | 000,551,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 23:58:40 | 000,463,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 23:58:40 | 000,080,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 23:52:29 | 002,726,921 | ---- | M] () -- C:\Documents and Settings\[username]\My Documents\Firefox 3.6.4 (en-US) - 2010-06-23.pcv
[2010/06/23 23:46:18 | 000,000,678 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/23 23:46:18 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/23 23:46:18 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/06/23 07:33:26 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\[username]\Desktop\HijackThis.lnk
[2010/06/23 06:43:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lpovetu.bin
[2010/06/22 06:32:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jtowu.dat
[2010/06/21 19:51:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\tfxhxa.sys
[2010/06/21 17:50:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/20 07:38:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\[username]\Application Data\chrtmp
[2010/06/17 22:18:36 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\[username]\Desktop\VPN Client.lnk
[2010/06/11 20:36:36 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 19:54:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 23:53:55 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\[username]\Desktop\Microsoft Office Excel 2003.lnk
[2010/06/07 17:48:37 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\[username]\My Documents\[document name].xls
[2010/06/02 23:25:37 | 000,828,831 | ---- | M] () -- C:\Documents and Settings\[username]\ [document name]..pdf
[2010/06/02 23:20:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\[username]\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/02 20:26:30 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\[username]\My Documents\billhistory.xls
[2010/05/31 07:42:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/26 21:15:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/26 20:30:24 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\[username]\pool.bin
[2010/05/26 19:58:44 | 004,729,360 | ---- | M] () -- C:\Documents and Settings\[username]\My Documents\LoaderBackup-(2010-05-26).ipd
[2010/05/26 19:29:37 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\[username]\Desktop\Desktop Manager.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 22:27:19 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\[username]\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/16 18:37:21 | 000,562,201 | ---- | M] () -- C:\Documents and Settings\[username]\My Documents\20010 Malt Country Group catalog.pdf
[2010/04/12 15:09:08 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\[username]\Desktop\[document name].xls
[2010/03/30 22:44:28 | 000,114,112 | ---- | M] () -- C:\Documents and Settings\[username]\Desktop\MUA_w_copay_chart-updated_0203.pdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/24 22:34:19 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\[username]\My Documents\VOUCHER ROOM.doc
[2010/06/24 00:09:22 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\[username]\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/24 00:09:22 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/23 23:52:24 | 002,726,921 | ---- | C] () -- C:\Documents and Settings\[username]\My Documents\Firefox 3.6.4 (en-US) - 2010-06-23.pcv
[2010/06/23 19:29:41 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/06/23 19:29:41 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/23 18:55:26 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/23 07:33:26 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\[username]\Desktop\HijackThis.lnk
[2010/06/21 19:51:48 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\tfxhxa.sys
[2010/06/21 17:50:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/20 07:39:47 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jtowu.dat
[2010/06/20 07:39:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lpovetu.bin
[2010/06/20 07:38:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\[username]\Application Data\chrtmp
[2010/06/02 23:25:37 | 000,828,831 | ---- | C] () -- C:\Documents and Settings\[username]\My Documents\Presidents, Space, Medical Miracles.pdf
[2010/06/02 20:26:30 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\[username]\My Documents\billhistory.xls
[2010/05/26 19:58:44 | 004,729,360 | ---- | C] () -- C:\Documents and Settings\[username]\My Documents\LoaderBackup-(2010-05-26).ipd
[2010/05/26 19:41:06 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\[username]\pool.bin
[2010/04/16 18:37:21 | 000,562,201 | ---- | C] () -- C:\Documents and Settings\[username]\My Documents\20010 Malt Country Group catalog.pdf
[2010/04/12 15:09:08 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\[username]\Desktop\Copy of Attending Pulm and Crit Care Med System Schedule 2010-2011 Draft 2 041010.xls
[2010/04/05 08:09:29 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 22:44:28 | 000,114,112 | ---- | C] () -- C:\Documents and Settings\[username]\Desktop\MUA_w_copay_chart-updated_0203.pdf
[2009/09/06 15:48:05 | 000,000,060 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/06/19 18:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 18:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/06 12:32:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
[2007/10/06 12:32:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
[2007/10/06 12:32:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info3.ini
[2007/06/05 18:01:34 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/10 13:06:00 | 000,446,528 | ---- | C] () -- C:\WINDOWS\40chlib.dll
[2006/10/05 16:13:28 | 000,000,263 | ---- | C] () -- C:\WINDOWS\TPDATAQ.INI
[2006/10/05 16:13:25 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SKLOG.INI
[2006/10/05 16:13:23 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\DI101NT.DLL
[2006/10/05 16:13:20 | 000,000,812 | ---- | C] () -- C:\WINDOWS\Meter32.ini
[2005/11/20 15:21:56 | 000,000,357 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/12 13:48:07 | 000,003,402 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/12 13:48:07 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\F6E337E5AF.sys
[2005/11/11 20:37:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/05 15:51:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/05 15:43:09 | 000,000,529 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/05 15:33:23 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/05 15:11:28 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/11 23:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/05/26 19:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/10/06 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\[username]
[2007/04/24 20:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/05/10 00:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/04/19 14:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
[2010/04/05 08:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/25 18:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/27 16:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\Blackberry Desktop
[2007/09/27 16:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\Flickr
[2006/02/02 23:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\ICAClient
[2007/11/20 19:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\Juniper Networks
[2005/11/21 21:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\Leadertech
[2006/10/15 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\NCH Swift Sound
[2007/10/18 19:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\Printer Info Cache
[2009/03/27 17:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\Research In Motion
[2007/10/06 12:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\[username]\Application Data\SyncCell

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/23 23:46:18 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/10/06 12:05:48 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2005/11/05 15:15:16 | 000,005,545 | RH-- | M] () -- C:\dell.sdr
[2010/06/24 17:44:40 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2005/11/12 14:27:33 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/11/05 15:42:58 | 000,000,840 | -H-- | M] () -- C:\IPH.PH
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/02 19:30:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/24 17:44:39 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/06/23 18:49:45 | 000,000,424 | ---- | M] () -- C:\rkill.log
[2005/11/05 15:43:07 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2009/08/17 18:17:05 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/03/28 14:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
< End of report >


OTL Extras logfile created on: 6/24/2010 10:54:16 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\[username]\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 476.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 101.09 Gb Free Space | 70.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWLDELL
Current User Name: [username]
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0C5ACB7F-72BF-4524-9884-C1C1DFF18E3F}" = Origin7
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DC10A7C-B835-44BA-874D-E23526359703}" = Horizon MI View
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142130}" = Java 2 Runtime Environment, SE v1.4.2_13
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
"Across Lite" = Across Lite
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Citrix Web Client" = Citrix Web Client
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Flickr Uploadr" = Flickr Uploadr 2.5.0.15
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"PROSet" = Intel® PRO Network Connections Drivers
"ShockwaveFlash" = Macromedia Flash Player 8
"ST6UNST #1" = Ana Ver 3.46
"ST6UNST #5" = Data Processing
"StreetPlugin" = Learn2 Player (Uninstall Only)
"WavePad" = WavePad Uninstall
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Winamp" = Winamp
"Windaq194" = Windaq194
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2010 6:07:38 PM | Computer Name = SWLDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/21/2010 6:07:39 PM | Computer Name = SWLDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/21/2010 6:07:39 PM | Computer Name = SWLDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/21/2010 6:07:39 PM | Computer Name = SWLDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/11/2010 2:06:16 AM | Computer Name = SWLDELL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/24/2010 6:07:31 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde szkg

Error - 6/24/2010 6:26:09 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 6/24/2010 6:26:11 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 6/24/2010 6:26:11 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde szkg

Error - 6/24/2010 6:38:30 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 6/24/2010 6:38:40 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 6/24/2010 6:38:40 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg

Error - 6/24/2010 6:46:18 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 6/24/2010 6:46:30 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 6/24/2010 6:46:30 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg


< End of report >
  • 0

#8
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Just a few little things :)
Is everything running smoothly?

Run OTL (Double click to run)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    DRV - [2010/06/21 19:51:48 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tfxhxa.sys -- (bemc)
    [2010/06/23 06:43:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lpovetu.bin
    [2010/06/22 06:32:14 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jtowu.dat
    [2010/06/20 07:38:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\[username]\Application Data\chrtmp
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and accept to reboot when it's finished.
  • During start-up, a log will open. Paste the contents of it back here

  • 0

#9
kleinstadt

kleinstadt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Things were running pretty slow, then I caught the AV Security Suite virus and things were really screwed. Once I cleaned that (and a few others I didn't know about), things were running pretty smoothly. Then I discovered Goored.

Could you explain what my few little things were? I'm trying to learn as I go.

All processes killed
========== OTL ==========
Service bemc stopped successfully!
Service bemc deleted successfully!
C:\WINDOWS\system32\drivers\tfxhxa.sys moved successfully.
C:\WINDOWS\Lpovetu.bin moved successfully.
C:\WINDOWS\Jtowu.dat moved successfully.
C:\Documents and Settings\[username]\Application Data\chrtmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 204952 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 2109181 bytes
->Temporary Internet Files folder emptied: 276852583 bytes
->FireFox cache emptied: 88350956 bytes
->Flash cache emptied: 13488 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 71110 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10808270 bytes
->Flash cache emptied: 3483 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: [username]
->Temp folder emptied: 456314288 bytes
->Temporary Internet Files folder emptied: 41944062 bytes
->Java cache emptied: 140541510 bytes
->FireFox cache emptied: 89046773 bytes
->Flash cache emptied: 118736 bytes

User: [weird permutation of username]

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4637201 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 24192 bytes
Windows Temp folder emptied: 57285186 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23948568 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,137.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 06252010_172737

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_47c.dat not found!

Registry entries deleted on Reboot...
  • 0

#10
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
First thing was a randomly-named driver. I can't tell you what infection it belongs to, but I know that it's a bad entry... :)
There were two harmless files, but malware-related nonetheless. Just data files.
You also had a random folder in Application Data, which is part of the Rogue AV Suite infection you mentioned.

If you want to learn, I suggest you check out Geeks to Go's training program.

We just have to clean-up now:

:)
You're in the All Clear! Here are a few cleanup procedures that are a must after malware removal. Also, I have a few program recommendations I like to suggest.


System Restore
System Restore creates snapshots of your computer, called Restore Points, so that in the event something goes wrong, you can restore your computer to an earlier date. Viruses would have gotten into the Restore Point snapshots also and can reinfect you if you restore to an infected date. Clearing the Restore Points and making a new one is essential after removal:
  • Open OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :commands
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top.
  • You may or may not be asked to reboot. In any case, I don't need the log that follows.



Removal of Removal-Tools
This is to make sure that any powerful tools we used aren't left behind and to make sure that if you ever get reinfected, you will download all the most recent tools.
  • Open OTL.
  • In the top right corner will be a button called "Clean Up!"; click it.
  • Follow any prompts, and reboot when prompted.
  • OTL will be gone on startup also. Delete any logs or leftover tools manually.


Windows Updates
You should visit Windows Update about once a month, to receive Security Fixes, Hot Fixes and Service Packs. These are all important to fix things from bugs to vulnerabilities which could lead to infection.

Go to Tools > Windows Update, within Internet Explorer
  • Click Express. It will check for updates for your computer.
  • Click Install Updates. A window should pop up giving the status of each update.
  • Reboot when prompted.

If you're feeling lazy you can turn on Automatic Updates which will do the work for you.
  • Click Start, then Control Panel
  • Click Automatic Updates
  • Check Automatic (Recommended)
  • Ok your way out.

More information about Windows Updates and clear configuration instructions can be found here.




Prevention Programs and Practices
  • Two AntiSpyware \ AntiMalware programs that are effective, easy to use, and free. A weekly scanning with one or both of these tools can be very useful in preventing\removing a wide variety of infections. I strongly recommend these products:
  • The following are two alternative web-browsers. Both are great choices (And can be installed and used with Internet Explorer still present!) You may wish to experiment with the two, to decide which you prefer.
  • Cleans out temporary files safely and effectively. It does not clean out URL history, prefetch, or cookies.
  • Keep your programs and applications up to date. This is important, not only for content, but for vulnerability-fixes. Here are a few you should definitely keep up-to-date if you have them:


If you are wondering how you got infected in the first place please visit this cool page called:
How did I get infected in the first place?

Glad I could help, piano9playa5 :)
  • 0
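The reasoning Onaipian gives above (a randomly-named driver with no publisher, a service name that does not match its file, and a driver that keeps failing to load at boot) can be turned into a small triage script. This is an added example written for this thread, not part of OTL or the helper's own tooling; it assumes the "DRV -" line shape shown in post #8 and the Event ID 7026 wording shown in the OTL report, and the "IntelIde" line is a constructed benign sample in the same shape.

```python
import re

# Shape of an OTL "DRV -" line as it appears in this thread (assumption: one driver per line).
DRV_RE = re.compile(
    r"^DRV - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"\[(?P<type>[^\]|]+) \| (?P<start>[^\]|]+) \| (?P<state>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^)]*)\)\s*$"
)
# Event ID 7026 body: "driver(s) failed to load:" with the driver names on the next line.
FAILED_RE = re.compile(r"driver\(s\) failed to load:\s*\n\s*(?P<names>.+)")

def looks_random(name):
    """Crude heuristic: 4+ letters with fewer than 20% vowels (e.g. tfxhxa, szkg)."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 4:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.2

def triage_drv_line(line):
    """Return {'path','service','reasons'} for one DRV line, or None if it does not parse."""
    m = DRV_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    base = d["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without .sys
    reasons = []
    if not d["company"].strip():
        reasons.append("empty publisher string '()'")
    if base.lower() != d["service"].lower():
        reasons.append("service '%s' does not match file '%s'" % (d["service"], base))
    if looks_random(base) or looks_random(d["service"]):
        reasons.append("random-looking name")
    if reasons and d["type"] == "Kernel":
        reasons.append("kernel-mode driver: full system access if malicious")
    return {"path": d["path"], "service": d["service"], "reasons": reasons}

def flag_failed_drivers(event_text):
    """Names from 7026 'failed to load' events that look random (the 'szkg' pattern above)."""
    names = (n for m in FAILED_RE.finditer(event_text) for n in m.group("names").split())
    return sorted({n for n in names if looks_random(n)})

# The thread's own flagged line, plus a constructed benign line in the same shape.
BAD = r"DRV - [2010/06/21 19:51:48 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tfxhxa.sys -- (bemc)"
GOOD = r"DRV - [2008/04/14 12:00:00 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)"
EVENT = ("Error - 6/24/2010 6:07:31 PM | Computer Name = SWLDELL | Source = Service Control Manager | ID = 7026\n"
         "Description = The following boot-start or system-start driver(s) failed to load:\nIntelIde szkg\n")

if __name__ == "__main__":
    print([triage_drv_line(line) for line in (BAD, GOOD)])
    print(flag_failed_drivers(EVENT))  # ['szkg']
```

The heuristics only rank entries for a human to check; a legitimate OEM driver can trip the name test, so the output is a shortlist, not a verdict.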

#11
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
