Google Redirects 2



#1 JPnMC (New Member, 5 posts)
Posted 28 October 2010 - 03:30 PM

When a Google search is executed, results are displayed; however, every available link takes me to a ToseekA or Tazinga page. Occasionally Win32 is producing an error that I have not been able to reproduce recently. Also, a pop-up randomly comes up stating, "AV8 has found suspicious activity on your pc and will perform some action on your pc."

Today, I successfully removed Antispy Software by running regedit, finding the file, and deleting it.

Also today, I followed the instructions in the forum "How to fix Google Redirects" without success. I backed up the registry with ERUNT, downloaded OTM, downloaded GooredFix, and downloaded TDSSKiller. TDSSKiller cured a file within system32.

OTM results are as follows:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\CLD\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\CLD\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: CLD
->Temp folder emptied: 134013439 bytes
->Temporary Internet Files folder emptied: 37603292 bytes
->Java cache emptied: 1306955 bytes
->Flash cache emptied: 271489 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 53564116 bytes
->Temporary Internet Files folder emptied: 73147596 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 892 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 393475508 bytes
->Java cache emptied: 4410731 bytes
->Flash cache emptied: 156144 bytes

User: mommy

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 154464189 bytes
->Flash cache emptied: 52887 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35481160 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77495482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 258746998 bytes

Total Files Cleaned = 1,170.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.17.1 log created on 10282010_153146

Files moved on Reboot...

Registry entries deleted on Reboot...


GooredFix results are as follows:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:47 on 28/10/2010 (CLD)
Firefox version [Unable to determine]

========== GooredScan ==========

Deleting file: "C:\WINDOWS\bk23567.dat" -> Success!
Deleting file: "C:\WINDOWS\fdgg34353edfgdfdf" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [11:10 15/08/2009]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:02 16/09/2009]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [14:21 01/09/2010]

-=E.O.F=-

Any assistance is greatly appreciated!


--------------------------------------------------------------------------------
#2 andrewuk
Trusted Helper
Group: Malware Removal | Posts: 5,291 | Joined: 18-August 07 | Location: London, UK | Operating System: XP
Posted 29 October 2010 - 04:02 PM


Hello JPnMC,

Welcome to Geeks to Go, and sorry to keep you waiting.

Let's get some up-to-date logs for me to analyse.


====STEP 1====
Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
• Click on this link to see a list of programs that should be disabled.
• Double-click on the downloaded file to start the program. (If running Vista, right-click on it and select "Run as an Administrator".)
• Allow the driver to load if asked.
• You may be prompted to scan immediately if it detects rootkit activity.
• If you are prompted to scan your system, click "No", save the log and post back the results.
• If not prompted, click the "Rootkit/Malware" tab.
• On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
• Select all drives that are connected to your system to be scanned.
• Click the Scan button to begin. (Please be patient, as it can take some time to complete.)
• When the scan is finished, click Save to save the scan results to your Desktop.
• Save the file as Results.log and copy/paste the contents in your next reply.
• Exit the program and re-enable all active protection when done.

====STEP 2====
Download OTL to your desktop.

• Close all windows and open it by double-clicking on the icon.
• When the window appears, underneath Output at the top, change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click Run Scan and let the program run uninterrupted.
• It will produce two logs for you: one will pop up, called OTL.txt; the other will be saved on your desktop and called Extras. Post both those logs here.
• You may need to use two posts to get it all on the forum.

In your next reply could I see:
1. the GMER log
2. the OTL log (it may only have one log this time)

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

It is important you stick with us until the end of the fix - the final post is when we clear the quarantined infections, and those still lurking in your system restore points.

The question to ask all businesses: "if the internet was invented first, would this business exist today?" If the answer is "no", that is probably all you need to know.

Please don't PM me asking for a malware fix - I can't/won't get back to you. Please post your HijackThis log at Geeks to Go! > Security > Malware Removal - HijackThis™ Logs Go Here.

My help is free and resolving your malware issues is payment enough, but if you want to make a donation then please, alternatively you can donate direct to the site here.




--------------------------------------------------------------------------------
#3 andrewuk
Trusted Helper
Group: Malware Removal | Posts: 5,291 | Joined: 18-August 07 | Location: London, UK | Operating System: XP
Posted 02 November 2010 - 12:46 AM
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


#2 JPnMC (Topic Starter, New Member, 5 posts)

Thanks for the reply, and I apologize for the delayed response.

GMER log

GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-06 12:57:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 10.01E04
Running: 4dkjf865.exe; Driver: C:\DOCUME~1\CLD\LOCALS~1\Temp\awldypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6D93360, 0x2456AE, 0xE8000020]
? C:\DOCUME~1\CLD\LOCALS~1\Temp\awldypow.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1928] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp udh.sys (udh/udh)

---- EOF - GMER 1.0.15 ----

#3 JPnMC (Topic Starter, New Member, 5 posts)

OTL log

OTL logfile created on: 11/6/2010 1:03:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\CLD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 159.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): Z:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.80 Gb Total Space | 33.09 Gb Free Space | 46.74% Space Free | Partition Type: NTFS
Drive D: | 319.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 505.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 3.70 Gb Total Space | 3.02 Gb Free Space | 81.65% Space Free | Partition Type: NTFS

Computer Name: MEEKMEK | User Name: CLD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\CLD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\andy141.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell AIO Printer 946\DLCImon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcicoms.exe ( )
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\CLD\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (uudh) -- C:\WINDOWS\system32\udh.dll (udh)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (dlci_device) -- C:\WINDOWS\System32\dlcicoms.exe ( )
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)


========== Driver Services (SafeList) ==========

DRV - (TermDD) -- C:\WINDOWS\system32\drivers\termdd.sys ()
DRV - (udh) -- C:\WINDOWS\system32\drivers\udh.sys (udh)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/01 08:21:53 | 000,000,000 | ---D | M]

[2010/06/05 22:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CLD\Application Data\Mozilla\Extensions
[2009/09/20 19:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CLD\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/10/28 15:32:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DLCICATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.DLL ()
O4 - HKLM..\Run: [dlcimon.exe] C:\Program Files\Dell AIO Printer 946\dlcimon.exe (Dell)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [xuri49tkd] C:\WINDOWS\andy141.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\CLD\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1232569258112 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\CLD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CLD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/21 13:57:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/02 13:48:08 | 000,000,914 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1999/03/25 13:27:07 | 000,001,716 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- [2001/07/27 16:19:12 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\directx\command - "" = D:\DIRECTX\DXSETUP.EXE -- [1999/01/08 15:10:00 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\dplay\command - "" = D:\DIRECTX\DPLAY61A.EXE -- [1999/06/18 12:35:30 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\dxdiag\command - "" = D:\GOODIES\AR40ENG.EXE -- [1999/05/27 15:01:48 | 005,455,526 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\dxinfo\command - "" = D:\GOODIES\DIRECTX\DXINFO.EXE -- [1997/07/14 21:00:00 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\dxtest\command - "" = D:\DIRECTX\DXDIAG.EXE -- [1999/01/08 15:10:00 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\dxtool\command - "" = D:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997/07/14 21:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\log\command - "" = D:\goodies\machine\machine.exe -- [1999/08/17 10:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\machine\command - "" = D:\GOODIES\MACHINE\MACHINE.EXE -- [1999/08/17 10:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\setup\command - "" = D:\aoesetup.exe -- [2001/07/27 16:19:12 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{059a9b42-e7b8-11dd-b74d-806d6172696f}\Shell\zone\command - "" = D:\GOODIES\MSZONE\ZONEA600.EXE -- [1999/09/01 12:16:04 | 006,753,985 | R--- | M] ()
O33 - MountPoints2\{aa9c725d-e81a-11dd-b757-0013722fbc29}\Shell - "" = AutoRun
O33 - MountPoints2\{aa9c725d-e81a-11dd-b757-0013722fbc29}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa9c725d-e81a-11dd-b757-0013722fbc29}\Shell\AutoRun\command - "" = J:\setup.EXE -- [1999/02/11 14:11:06 | 000,262,415 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{aa9c725d-e81a-11dd-b757-0013722fbc29}\Shell\configure\command - "" = J:\SETUP.EXE -- [1999/02/11 14:11:06 | 000,262,415 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{aa9c725d-e81a-11dd-b757-0013722fbc29}\Shell\install\command - "" = J:\SETUP.EXE -- [1999/02/11 14:11:06 | 000,262,415 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/06 13:01:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CLD\Desktop\OTL.exe
[2010/11/02 06:30:44 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/11/02 06:30:44 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/11/02 06:30:36 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/28 15:49:41 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CLD\Desktop\TDSSKiller.exe
[2010/10/28 15:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CLD\Desktop\GooredFix Backups
[2010/10/28 15:46:21 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\CLD\Desktop\GooredFix.exe
[2010/10/28 15:31:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/28 15:30:35 | 000,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CLD\Desktop\OTM.exe
[2010/10/28 15:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/28 15:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/28 15:26:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\CLD\Desktop\erunt-setup.exe
[2010/10/28 15:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/11 11:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/09 10:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CLD\Local Settings\Application Data\Temp
[2010/10/09 10:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/07 17:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2009/02/16 16:38:28 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlciserv.dll
[2009/02/16 16:38:28 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlciusb1.dll
[2009/02/16 16:38:28 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcihbn3.dll
[2009/02/16 16:38:28 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcicomc.dll
[2009/02/16 16:38:28 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcipmui.dll
[2009/02/16 16:38:28 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcilmpm.dll
[2009/02/16 16:38:28 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcicomm.dll
[2009/02/16 16:38:28 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlciinpa.dll
[2009/02/16 16:38:28 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlciiesc.dll
[2009/02/16 16:38:28 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\DLCIhcp.dll
[2009/02/16 16:38:28 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlciprox.dll
[2009/02/16 16:38:28 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcipplc.dll
[1 C:\Documents and Settings\CLD\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\CLD\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/06 13:01:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CLD\Desktop\OTL.exe
[2010/11/06 12:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/06 10:30:03 | 000,295,424 | ---- | M] () -- C:\4dkjf865.exe
[2010/11/06 09:50:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/06 09:48:31 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/06 09:48:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/06 09:48:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/05 02:56:24 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\1011201014611497.xxe
[2010/11/03 05:23:28 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/03 05:06:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/01 14:27:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\CLD\Desktop\Adobe Reader 9.lnk
[2010/10/30 18:29:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/29 05:07:46 | 000,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/29 05:07:46 | 000,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/28 16:01:05 | 000,000,001 | -H-- | M] () -- C:\WINDOWS\bk23567.dat
[2010/10/28 16:01:05 | 000,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/10/28 16:00:36 | 000,040,840 | ---- | M] () -- C:\WINDOWS\System32\drivers\termdd.sys
[2010/10/28 15:53:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/28 15:49:06 | 001,207,026 | ---- | M] () -- C:\Documents and Settings\CLD\Desktop\tdsskiller.zip
[2010/10/28 15:46:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\CLD\Desktop\GooredFix.exe
[2010/10/28 15:32:17 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/28 15:30:49 | 000,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CLD\Desktop\OTM.exe
[2010/10/28 15:27:19 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\CLD\Desktop\ERUNT.lnk
[2010/10/28 15:26:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\CLD\Desktop\erunt-setup.exe
[2010/10/28 14:39:47 | 000,167,936 | -H-- | M] () -- C:\WINDOWS\andy141.exe
[2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\CLD\Desktop\TDSSKiller.exe
[2010/10/25 12:19:41 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\CLD\Desktop\Joint_Budget_Sep_2010.xls
[2010/10/25 11:00:41 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\10112010146103111111.xxe
[2010/10/19 16:53:26 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\1011201014611010546.xxe
[2010/10/19 16:53:18 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\10112010146103.xxe
[2010/10/19 16:52:13 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\10112010146104100.xxe
[2010/10/19 16:52:11 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\1011201014610110550.xxe
[2010/10/19 16:51:34 | 000,155,648 | -H-- | M] () -- C:\WINDOWS\andy138.exe
[2010/10/16 22:45:22 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\053981014810299.xxe
[2010/10/15 15:43:43 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\052995010152101.xxe
[2010/10/15 15:42:39 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05351985398100.xxe
[2010/10/15 15:42:27 | 000,163,840 | -H-- | M] () -- C:\WINDOWS\andy137.exe
[2010/10/14 08:54:19 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05310049485252.xxe
[2010/10/14 08:53:12 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0505451565748.xxe
[2010/10/14 08:52:44 | 000,167,936 | -H-- | M] () -- C:\WINDOWS\andy136.exe
[2010/10/11 11:02:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 10:54:19 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\01024951545753.xxe
[2010/10/11 10:54:14 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\01025199535352.xxe
[2010/10/11 10:38:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/10 08:50:00 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\010010299575499.xxe
[2010/10/10 08:49:48 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05355981025452.xxe
[2010/10/09 15:04:33 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\04998511025450.xxe
[2010/10/09 09:41:18 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\010155101545350.xxe
[2010/10/08 20:59:07 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\048101981005057.xxe
[2010/10/08 20:59:04 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0102491015654102.xxe
[2010/10/07 14:26:59 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0565648555052.xxe
[1 C:\Documents and Settings\CLD\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\CLD\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/06 10:29:58 | 000,295,424 | ---- | C] () -- C:\4dkjf865.exe
[2010/11/05 02:56:24 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\1011201014611497.xxe
[2010/11/01 14:27:57 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\CLD\Desktop\Adobe Reader 9.lnk
[2010/10/28 16:01:05 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat
[2010/10/28 16:01:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/10/28 15:49:01 | 001,207,026 | ---- | C] () -- C:\Documents and Settings\CLD\Desktop\tdsskiller.zip
[2010/10/28 15:27:19 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\CLD\Desktop\ERUNT.lnk
[2010/10/28 14:39:47 | 000,167,936 | -H-- | C] () -- C:\WINDOWS\andy141.exe
[2010/10/25 11:00:41 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\10112010146103111111.xxe
[2010/10/19 16:53:26 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\1011201014611010546.xxe
[2010/10/19 16:53:18 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\10112010146103.xxe
[2010/10/19 16:52:13 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\10112010146104100.xxe
[2010/10/19 16:52:11 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\1011201014610110550.xxe
[2010/10/19 16:51:34 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\andy138.exe
[2010/10/16 22:45:22 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\053981014810299.xxe
[2010/10/15 15:43:43 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\052995010152101.xxe
[2010/10/15 15:42:39 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05351985398100.xxe
[2010/10/15 15:42:27 | 000,163,840 | -H-- | C] () -- C:\WINDOWS\andy137.exe
[2010/10/14 08:54:19 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05310049485252.xxe
[2010/10/14 08:53:12 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0505451565748.xxe
[2010/10/14 08:52:44 | 000,167,936 | -H-- | C] () -- C:\WINDOWS\andy136.exe
[2010/10/11 11:02:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 10:54:19 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\01024951545753.xxe
[2010/10/11 10:54:14 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\01025199535352.xxe
[2010/10/10 08:50:00 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\010010299575499.xxe
[2010/10/10 08:49:48 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05355981025452.xxe
[2010/10/09 15:04:33 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\04998511025450.xxe
[2010/10/09 09:58:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/09 09:58:43 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/09 09:41:18 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\010155101545350.xxe
[2010/10/08 20:59:07 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\048101981005057.xxe
[2010/10/08 20:59:04 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0102491015654102.xxe
[2010/10/07 14:26:59 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0565648555052.xxe
[2010/10/07 12:56:37 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0554999519853.xxe
[2010/10/07 12:56:33 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05455549848101.xxe
[2010/10/06 15:28:24 | 000,004,607 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/06 08:46:58 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0535199975654.xxe
[2010/10/06 08:46:55 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\0995799515652.xxe
[2010/10/06 08:45:53 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\010251541025456.xxe
[2010/10/04 19:18:15 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05450101555250.xxe
[2010/10/04 10:33:57 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\CLD\Application Data\srsf.bat
[2010/10/04 07:45:02 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\05057519957101.xxe
[2010/10/04 07:43:59 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\051101101515648.xxe
[2010/10/04 07:43:54 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\010155555710297.xxe
[2010/09/01 09:06:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/08/21 22:21:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/23 17:59:30 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/16 16:39:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcivs.dll
[2009/02/16 16:39:06 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcicoin.dll
[2009/02/16 16:38:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcicnv4.dll
[2009/02/16 16:38:28 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlciutil.dll
[2009/02/16 16:38:28 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\DLCIinst.dll
[2009/02/16 16:38:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlciinsb.dll
[2009/02/16 16:38:28 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlciins.dll
[2009/02/16 16:38:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlcijswr.dll
[2009/02/16 16:38:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlciinsr.dll
[2009/02/16 16:38:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcicub.dll
[2009/02/16 16:38:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcicu.dll
[2009/02/16 16:38:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\DLCIcfg.dll
[2009/02/16 16:38:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcicur.dll
[2009/01/21 14:18:25 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/21 14:18:25 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/21 14:18:24 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/21 14:18:23 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/21 14:18:23 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/01/21 14:18:23 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/01/21 14:18:22 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/01/21 13:52:55 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys
[2009/01/21 06:37:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/07/12 09:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/15 13:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/03 10:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/03 08:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CLD\Application Data\LimeWire
[2009/07/30 21:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CLD\Application Data\Unity
[2009/01/21 16:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CLD\Application Data\Windows Desktop Search
[2009/02/23 17:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CLD\Application Data\Windows Search

========== Purity Check ==========



< End of report >
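Added example, not part of JPnMC's post and not part of OldTimer's OTL: a parser for the "Files Created / Modified" lines in the listing above, with the triage rules a responder applies by eye written down so they can be run over the whole log at once. The rules are: hidden executables directly under C:\WINDOWS or System32 (the andy1xx.exe entries), recently created executables with no company name and a random-looking filename (C:\4dkjf865.exe), script files inside a user profile (srsf.bat), and tiny recently created files in odd places or with odd extensions (the two-byte .xxe files, bk23567.dat, the extension-less fdgg34353edfgdfdf). The sample input is an excerpt of the listing above; the rule names, the 16-byte and 30-day thresholds, and the random-name regex are my own choices, and LOG_TIME is the "logfile created on" timestamp from the Extras header in the next post.

```python
"""Triage of OTL "Files Created / Modified" lines (added example, not OTL code)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One OTL file line looks like:
# [2010/10/14 08:52:44 | 000,167,936 | -H-- | C] () -- C:\WINDOWS\andy136.exe
#  timestamp            | size        | attrs| C=created/M=modified (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".pif", ".com")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")
COMMON_DATA_EXT = (".ini", ".lnk", ".job", ".txt", ".log", ".xml")
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")
PROFILE_ROOT = "c:\\documents and settings\\"
# Heuristic (my own): a stem mixing letters and digits, e.g. "andy136" or "4dkjf865".
RANDOM_STEM_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{5,}$")

R_HIDDEN = "hidden executable in a system directory"
R_RANDOM = "recent executable with no company name and a random-looking filename"
R_SCRIPT = "script file inside a user profile"
R_TINY = "tiny recent file with an odd location or extension"


@dataclass
class Entry:
    ts: datetime
    size: int
    hidden: bool
    kind: str        # 'C' = created list, 'M' = modified list
    company: str
    path: str


def parse_line(line: str):
    """Parse one OTL file line; return None for headers, blanks and summary lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        hidden="H" in m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def triage(entry: Entry, log_time: datetime, window=timedelta(days=30)):
    """Return the list of rule names this entry triggers (empty list = nothing seen)."""
    low = entry.path.lower()
    parent, _, name = low.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if dot:
        ext = "." + ext
    else:                      # no extension at all, e.g. fdgg34353edfgdfdf
        stem, ext = name, ""
    recent = log_time - entry.ts <= window
    is_exec = ext in EXEC_EXT
    reasons = []
    if is_exec and entry.hidden and parent in SYSTEM_DIRS:
        reasons.append(R_HIDDEN)
    if is_exec and recent and not entry.company and RANDOM_STEM_RE.match(stem):
        reasons.append(R_RANDOM)
    if ext in SCRIPT_EXT and parent.startswith(PROFILE_ROOT):
        reasons.append(R_SCRIPT)
    if entry.size <= 16 and recent and (
        parent == "c:\\windows" or ext not in COMMON_DATA_EXT + EXEC_EXT + SCRIPT_EXT
    ):
        reasons.append(R_TINY)
    return reasons


def triage_log(text: str, log_time: datetime):
    """Map path -> rule names for every parsed entry that triggers at least one rule."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in triage(entry, log_time):
            hits = findings.setdefault(entry.path, [])
            if reason not in hits:      # same path can appear in both C and M lists
                hits.append(reason)
    return findings


# Excerpt of the listing above, used as sample input.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2010/11/06 10:29:58 | 000,295,424 | ---- | C] () -- C:\4dkjf865.exe
[2010/11/05 02:56:24 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\CLD\Local Settings\Application Data\1011201014611497.xxe
[2010/10/28 16:01:05 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat
[2010/10/28 16:01:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/10/28 15:49:01 | 001,207,026 | ---- | C] () -- C:\Documents and Settings\CLD\Desktop\tdsskiller.zip
[2010/10/14 08:52:44 | 000,167,936 | -H-- | C] () -- C:\WINDOWS\andy136.exe
[2010/10/11 11:02:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/09 09:58:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 10:33:57 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\CLD\Application Data\srsf.bat
[2009/02/16 16:38:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcicnv4.dll
[2009/01/21 14:18:22 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
"""
LOG_TIME = datetime(2010, 11, 6, 13, 3, 7)   # "logfile created on" from the Extras header

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG, LOG_TIME).items():
        print(path, "->", "; ".join(reasons))
```

The rules deliberately stay narrow: the 2009 Dell printer and NVIDIA DLLs have mixed letters and digits in their names but fall outside the 30-day window, and the shortcut, task and zip files never trip the size or extension checks, so the output is the same handful of paths a responder would circle by hand.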
#4
JPnMC, Topic Starter (New Member, 5 posts)

OTL Extras

OTL Extras logfile created on: 11/6/2010 1:03:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\CLD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 159.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): Z:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.80 Gb Total Space | 33.09 Gb Free Space | 46.74% Space Free | Partition Type: NTFS
Drive D: | 319.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 505.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 3.70 Gb Total Space | 3.02 Gb Free Space | 81.65% Space Free | Partition Type: NTFS

Computer Name: MEEKMEK | User Name: CLD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8087:TCP" = 8087:TCP:*:Enabled:udh

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\WINDOWS\system32\dlcicoms.exe" = C:\WINDOWS\system32\dlcicoms.exe:*:Enabled:Dell 946 Server -- ( )
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires 2.0" = Microsoft Age of Empires II
"Dell AIO Printer 946" = Dell AIO Printer 946
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"hotel SalesPro Enterprise 2.0 Build 6944" = hotel SalesPro Enterprise 2.0 Build 6944
"hotel SalesPro Enterprise 2.0 Build 6962" = hotel SalesPro Enterprise 2.0 Build 6962
"hotel SalesPro Enterprise 2.0 Build 7263" = hotel SalesPro Enterprise 2.0 Build 7263
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.2.13
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"RealVNC_is1" = VNC Free Edition 4.1.2
"UnityWebPlayer" = Unity Web Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2010 4:15:04 AM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/26/2010 8:25:12 AM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/26/2010 8:25:12 AM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/28/2010 5:17:13 PM | Computer Name = MEEKMEK | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 10/28/2010 5:17:46 PM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/28/2010 5:17:49 PM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/28/2010 5:17:54 PM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/28/2010 5:18:07 PM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/28/2010 5:18:07 PM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/28/2010 5:55:11 PM | Computer Name = MEEKMEK | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x7c923845.

[ System Events ]
Error - 11/5/2010 11:50:02 PM | Computer Name = MEEKMEK | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/5/2010 11:50:09 PM | Computer Name = MEEKMEK | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/5/2010 11:50:15 PM | Computer Name = MEEKMEK | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/5/2010 11:50:22 PM | Computer Name = MEEKMEK | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/5/2010 11:50:29 PM | Computer Name = MEEKMEK | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/6/2010 11:50:17 AM | Computer Name = MEEKMEK | Source = Service Control Manager | ID = 7022
Description = The uudh service hung on starting.

Error - 11/6/2010 1:25:32 PM | Computer Name = MEEKMEK | Source = Dhcp | ID = 1002
Description = The IP address lease 76.25.241.91 for the Network Card with network
address 0013722FBC29 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/6/2010 1:26:04 PM | Computer Name = MEEKMEK | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 0013722FBC29.

Error - 11/6/2010 2:58:22 PM | Computer Name = MEEKMEK | Source = Dhcp | ID = 1002
Description = The IP address lease 76.25.241.91 for the Network Card with network
address 0013722FBC29 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/6/2010 2:58:54 PM | Computer Name = MEEKMEK | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 0013722FBC29.


< End of report >
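Added example, not from the post and not part of OTL: a small parser for the Extras log above that pulls out the things a responder reads first in it. Those are the Security Center *DisableNotify values (all three are 1 here, which silences the antivirus, firewall and update warnings the user would otherwise see), the globally open firewall ports together with the name they were registered under, and, from the event-log tail, any service the Service Control Manager reports as hung on start plus a count of crypt32 root-list update failures by event ID. The sample input is an excerpt of the log above; the section titles are OTL's own, while the output shape and rule wording are mine.

```python
"""Triage of an OTL Extras log (added example, not OTL code)."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
KV_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
EVENT_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
HUNG_RE = re.compile(r"The (?P<svc>\S+) service hung on starting")


def split_sections(text: str):
    """Return {section title: [lines]} keyed by OTL's '========== X ==========' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def security_center_findings(lines):
    """Flag Security Center values that silence the user-facing warnings."""
    out = []
    for line in lines:
        m = KV_RE.match(line.strip())
        if m and m["name"].endswith("DisableNotify") and m["value"].strip() == "1":
            out.append(f"{m['name']} = 1 (Security Center warning suppressed)")
    return out


def open_ports(lines):
    """Parse GloballyOpenPorts entries of the form 'port:proto:scope:state:name'."""
    ports = []
    for line in lines:
        m = KV_RE.match(line.strip())
        if not m or ":" not in m["name"]:      # only "8087:TCP"-style keys
            continue
        parts = m["value"].split(":", 4)
        if len(parts) == 5:
            port, proto, scope, state, name = parts
            ports.append({"port": int(port), "proto": proto, "scope": scope,
                          "state": state, "name": name})
    return ports


def event_findings(lines):
    """Collect services that hung on start and count crypt32 errors by event ID."""
    hung, crypt32, current_src = [], Counter(), None
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:                                   # header line of one event
            current_src = m["source"]
            if current_src == "crypt32":
                crypt32[m["id"]] += 1
            continue
        h = HUNG_RE.search(line)                # description lines follow the header
        if h and current_src == "Service Control Manager":
            hung.append(h["svc"])
    return {"hung_services": hung, "crypt32_errors": dict(crypt32)}


def triage_extras(text: str):
    s = split_sections(text)
    return {
        "security_center": security_center_findings(s.get("Security Center Settings", [])),
        "open_ports": open_ports(s.get("Firewall Settings", [])),
        "events": event_findings(s.get("Last 10 Event Log Errors", [])),
    }


# Excerpt of the Extras log above, used as sample input.
SAMPLE_EXTRAS = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8087:TCP" = 8087:TCP:*:Enabled:udh

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2010 4:15:04 AM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
with error: This network connection does not exist.

Error - 10/28/2010 5:17:46 PM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/28/2010 5:18:07 PM | Computer Name = MEEKMEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
with error: This network connection does not exist.

[ System Events ]
Error - 11/6/2010 11:50:17 AM | Computer Name = MEEKMEK | Source = Service Control Manager | ID = 7022
Description = The uudh service hung on starting.
"""

if __name__ == "__main__":
    for key, value in triage_extras(SAMPLE_EXTRAS).items():
        print(key, "->", value)
```

The parser reports, it does not judge: an open port registered under an unfamiliar name and a service of a similar unfamiliar name hanging on start are two facts to check against the running process list and the Services key, not proof of anything on their own.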