XP won't boot, only blinking cursor



#1 amacemon
Member, 14 posts
Hi, first, I want to say that this forum is amazing. Thank you in advance for the help.

I have a Dell 700m laptop with Windows XP. While online, I got a virus notification from McAfee, and then upon restarting my computer, it won't boot. It loads the Dell screen (where I can press F2 or F12), but following this screen it only has a blank screen with a blinking cursor. (I can't type anything on the cursor screen.) It never gets to the Windows logo screen.

Searching through the forums, I found quite a few other people that seem to have the same problem. Some of the solution steps started to go over my head, so I didn't want to continue without some personal instructions.

Thanks again


#2 Salagubang
Trusted Helper (Malware Removal), 3,890 posts
Hi amacemon,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

On a clean XP machine, please do the following:

  • Open "My Computer" on the desktop.
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders, find "Hide extension for known file types" and uncheck it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

Next

  • Insert your USB Flash Drive (UFD).
  • Download hpusbfw.exe to your Desktop.
  • Double click "hpusbfw.exe" to run HP USB Disk Storage Format Tool 2.0.6.0.
    • Choose your USB under "Device"
    • For "File system", choose "FAT"
    • Under "Volume label", type in the name "Bootloader"
    • Leave un-checked "Quick Format" and "Create a DOS startup disk"
    • Click "Start"
  • Copy these two files, from the root of the Windows drive (C:\) to the UFD:

    NTLDR
    Ntdetect.com

Next

  • Open Notepad (go to Start>All Programs>Accessories and click Notepad)
  • Copy the contents of the codebox below using CTRL+C (or selecting all the text in the box, and right clicking on it and selecting Copy)
    [boot loader]
    timeout=-1
    default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="A) Emergency Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="B) Emergency Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C) Alternate Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="D) Alternate Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    
  • Now return to Notepad and use CTRL + V (or right-click on the whitespace and Paste) to paste the script
  • Verify that you have pasted the complete script
  • Save the Notepad file to the UFD as "boot.ini" using Save as Type: All files

Your Emergency Bootloader is now ready.

Booting using the Emergency Bootloader:
  • Insert the USB (UFD) into the ailing computer.
  • Reboot the system using the UFD Bootloader you just created.
  • Depending on how the hard disk is partitioned, choosing (A) Emergency Bootloader will most of the time do the trick. If, however, it doesn't work, please try options B, C and D.

Note: If you do not know how to set your computer to boot from USB, follow the steps here.


Next

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.

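
The emergency boot.ini above is easy to mistype, and the NTLDR menu will not tell you which disk and partition each entry boots. As an added example that is not code from the original post or from Geeks to Go, this Python script parses that boot.ini, decodes each ARC path and flags the inconsistencies worth catching before the stick is used on the ailing machine (the checks themselves are my choice, not the helper's):

```python
"""Checker for the emergency boot.ini built in the post above (constructed example,
not code from Geeks to Go or the helper): parses both sections, decodes each ARC
path and reports the inconsistencies worth catching before the stick is used."""
import re
from collections import Counter
from dataclasses import dataclass

# The boot.ini text from the post, embedded so the checker runs offline.
EMERGENCY_BOOT_INI = r"""
[boot loader]
timeout=-1
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="A) Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="B) Emergency Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C) Alternate Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="D) Alternate Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
"""

# ARC path as NTLDR reads it: multi(adapter)disk(0)rdisk(BIOS disk)partition(1-based)\dir.
# When the BIOS boots from the stick, the stick is commonly enumerated as disk 0 and
# the internal drive becomes rdisk(1), which is why option A targets rdisk(1) first.
ARC_RE = re.compile(
    r"^multi\((?P<adapter>\d+)\)disk\((?P<disk>\d+)\)rdisk\((?P<rdisk>\d+)\)"
    r"partition\((?P<partition>\d+)\)(?P<directory>\\[^\s=]*)$"
)
# Entry line: <arc>="<menu label>" <options...>
ENTRY_RE = re.compile(r'^(?P<arc>[^=]+)="(?P<label>[^"]*)"(?P<options>.*)$')


@dataclass
class BootEntry:
    arc: str
    label: str
    options: list
    rdisk: int
    partition: int
    directory: str

    def is_safe_mode(self):
        return any(o.lower().startswith("/safeboot") for o in self.options)


def parse_arc(arc):
    """Decode an ARC path; raises ValueError on anything NTLDR would reject."""
    m = ARC_RE.match(arc)
    if m is None:
        raise ValueError(f"malformed ARC path: {arc}")
    return {"rdisk": int(m["rdisk"]), "partition": int(m["partition"]),
            "directory": m["directory"]}


def parse_boot_ini(text):
    """Return ({boot loader settings}, [BootEntry, ...]) for a boot.ini body."""
    section, loader, entries = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader":
            key, _, value = line.partition("=")
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m is None:
                raise ValueError(f"unparseable entry: {line}")
            entries.append(BootEntry(m["arc"], m["label"], m["options"].split(),
                                     **parse_arc(m["arc"])))
    return loader, entries


def check_boot_ini(text):
    """List the problems that would leave the user guessing at the NTLDR menu."""
    loader, entries = parse_boot_ini(text)
    problems = []
    default = loader.get("default")
    if default is None:
        problems.append("[boot loader] has no default= line")
    elif default not in {e.arc for e in entries}:
        problems.append(f"default= points at {default}, which no [operating systems] entry defines")
    # timeout=-1 makes NTLDR wait for a choice; any other value auto-boots the default.
    if loader.get("timeout", "-1") != "-1":
        problems.append(f"timeout={loader['timeout']}: the default boots unattended after that many seconds")
    for label, count in Counter(e.label for e in entries).items():
        if count > 1:
            problems.append(f'label "{label}" is used {count} times; the menu will not say which disk and partition each one boots')
    return problems


if __name__ == "__main__":
    for p in check_boot_ini(EMERGENCY_BOOT_INI):
        print("PROBLEM:", p)
```

On the posted file the only report is the four identical "Safe Mode" labels, which is worth knowing before you pick one blind at the menu.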
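
For the OTL scan requested above, here is an added example (not OTL's or Geeks to Go's code) of the first triage pass a helper makes over the log: it scores Run keys, loaded modules, the IE proxy setting and orphaned drivers against a few rules of my own choosing that match what this thread's log turned up. The sample lines are constructed in OTL's format and modelled on the log posted later in the thread:

```python
"""Triage pass over OTL quick-scan lines.

Constructed example, not OTL's or Geeks to Go's code. The rules are heuristics:
a Run value or loaded module with no company name or sitting directly in the
Windows root, a Run value that targets a DLL, an IE proxy pointed at the local
machine, and orphaned Run values or driver services.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample lines in OTL's format, modelled on the log in this thread.
SAMPLE_LOG = r"""
MOD - [2008/04/13 18:12:08 | 000,348,672 | ---- | M] () -- C:\WINDOWS\apiyadom.dll
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Qrukot] C:\WINDOWS\apiyadom.DLL ()
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Hkenuqidefayoqev] C:\WINDOWS\padtsve.DLL (Acronis)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
"""

RANK = {"low": 0, "medium": 1, "high": 2}

O4_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PATH_COMPANY_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$")
IMAGE_RE = re.compile(r"^(?:MOD|PRC) - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
PROXY_RE = re.compile(r'^IE - .*: "ProxyServer" = (?P<value>.+)$')
DRV_MISSING_RE = re.compile(r"^DRV - File not found .* -- (?P<path>.+?) -- \((?P<svc>[^)]*)\)$")


@dataclass
class Finding:
    severity: str
    line: str
    reasons: list = field(default_factory=list)


def _image_reasons(path, company, system_root, flag_dll):
    """Checks shared by Run values and loaded modules/processes."""
    reasons = []
    if company == "":
        reasons.append(("high", "file carries no company name"))
    if ntpath.dirname(path).lower() == system_root.lower():
        reasons.append(("high", "file sits directly in the Windows root"))
    if flag_dll and path.lower().endswith(".dll"):
        reasons.append(("medium", "Run value targets a DLL rather than a program"))
    return reasons


def triage_line(line, system_root="C:\\WINDOWS"):
    """Return a Finding for a suspicious OTL line, or None for a clean one."""
    reasons = []
    if (m := O4_RE.match(line)):
        if m["rest"] == "File not found":
            reasons.append(("low", "orphaned Run value: its target file is missing"))
        elif (pc := PATH_COMPANY_RE.match(m["rest"])):
            reasons = _image_reasons(pc["path"], pc["company"], system_root, True)
    elif (m := IMAGE_RE.match(line)):
        reasons = _image_reasons(m["path"], m["company"], system_root, False)
    elif (m := PROXY_RE.match(line)):
        if "127.0.0.1" in m["value"] or "localhost" in m["value"].lower():
            reasons.append(("high", "browser traffic is routed through a listener on the local machine"))
    elif DRV_MISSING_RE.match(line):
        reasons.append(("low", "driver service whose file is missing"))
    if not reasons:
        return None
    severity = max((sev for sev, _ in reasons), key=RANK.__getitem__)
    return Finding(severity, line, [why for _, why in reasons])


def triage(log_text, system_root="C:\\WINDOWS"):
    """Run triage_line over a whole log and keep only the hits, in log order."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw.rstrip(), system_root)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line}")
        for why in f.reasons:
            print(f"         - {why}")
```

The McAfee line passes cleanly while the two randomly named DLLs in C:\WINDOWS and the 127.0.0.1 proxy come out on top, which is the same ordering a helper would reach by eye.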

#3 amacemon (Topic Starter)
Member, 14 posts
Here are the results of the OTL scan:




OTL logfile created on: 12/20/2010 7:55:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.32 Gb Total Space | 3.37 Gb Free Space | 9.82% Space Free | Partition Type: NTFS
Drive E: | 244.71 Mb Total Space | 244.42 Mb Free Space | 99.88% Space Free | Partition Type: FAT

Computer Name: ANDREW-16C4F960 | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/07/21 16:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/01/07 00:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/06/26 05:17:34 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 17:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 18:12:08 | 000,348,672 | ---- | M] () -- C:\WINDOWS\apiyadom.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/06 19:37:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2008/06/18 09:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/16 17:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/07/21 11:42:08 | 000,055,808 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm)
DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 14:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/08/13 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 00:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
DRV - [2000/02/22 16:46:40 | 000,009,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\Ticalc.sys -- (TICalc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

FF - HKLM\software\mozilla\Firefox\extensions\\{7F8AA636-840D-4B04-84AB-3371E218B197}: C:\Documents and Settings\Andrew\Local Settings\Application Data\{7F8AA636-840D-4B04-84AB-3371E218B197} [2010/12/20 05:39:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/23 07:57:27 | 000,416,826 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14388 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Qrukot] C:\WINDOWS\apiyadom.DLL ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Hkenuqidefayoqev] C:\WINDOWS\padtsve.DLL (Acronis)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1180738616585 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} http://h30155.www3.h...hp.cab?1,0,0,94 (HP Content Update)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/07 18:38:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{432aa050-c987-11df-b7c8-000f1fb0c6c6}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{6fe49f2d-fe7f-11db-b6f5-000b7d163561}\Shell - "" = AutoRun
O33 - MountPoints2\{6fe49f2d-fe7f-11db-b6f5-000b7d163561}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6fe49f2d-fe7f-11db-b6f5-000b7d163561}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 19:54:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/12/20 05:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\{7F8AA636-840D-4B04-84AB-3371E218B197}
[2010/12/20 05:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gAcKp06501
[2010/12/16 05:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/16 05:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/16 05:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/12/20 19:50:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/20 19:49:22 | 2129,121,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/20 19:49:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 19:37:27 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/20 19:37:27 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/20 19:24:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ddewux.dat
[2010/12/20 19:24:30 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Defragmenter.lnk
[2010/12/20 05:39:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dlorovujepopep.bin
[2010/12/20 05:31:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003UA.job
[2010/12/19 11:15:38 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\2010 family christmas gifts.xls
[2010/12/19 09:31:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003Core.job
[2010/12/15 19:44:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 03:23:05 | 000,179,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 03:06:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 01:32:10 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Google Chrome.lnk
[2010/12/15 01:32:10 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/14 20:11:49 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Microsoft Word.lnk
[2010/12/11 22:36:32 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 19:52:10 | 000,108,642 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\pic.jpg
[2010/12/07 21:18:48 | 005,885,307 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\MacemonFamilyHistoryProject.pdf
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/28 15:27:02 | 000,141,229 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ISE__690_Homework_number_7_Solutions7.docx
[2010/11/28 10:30:26 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\christmas list.xls
[2010/11/27 17:16:15 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ISE 627 Homework 3-Macemon.doc
[2010/11/24 14:51:23 | 061,437,952 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\MomDad.mpg
[2010/11/23 09:49:55 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\Mboro baby shower.xls
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/20 19:24:30 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Defragmenter.lnk
[2010/12/10 19:52:20 | 000,108,642 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\pic.jpg
[2010/12/07 21:18:48 | 005,885,307 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\MacemonFamilyHistoryProject.pdf
[2010/11/28 15:27:02 | 000,141,229 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ISE__690_Homework_number_7_Solutions7.docx
[2010/11/27 17:16:14 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ISE 627 Homework 3-Macemon.doc
[2010/11/24 14:51:23 | 061,437,952 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\MomDad.mpg
[2010/07/19 19:42:23 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\BBMS_EXCEPTION.txt
[2010/03/27 11:41:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/27 11:40:38 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/03/27 11:40:38 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/02/07 16:37:49 | 000,009,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\Ticalc.sys
[2010/01/26 21:56:02 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/06/08 09:57:06 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/08 09:57:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/12 12:00:37 | 000,000,103 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/05/30 18:19:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/30 17:56:08 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/05/30 17:56:08 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/05/30 17:53:41 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2007/05/30 17:52:58 | 000,007,877 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2007/05/11 13:37:58 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/10 19:38:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2007/05/09 16:49:57 | 000,000,375 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/08 19:13:47 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/08 18:37:20 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/05/07 20:24:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/05/07 20:24:17 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/05/07 18:55:13 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/05/07 12:45:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/22 12:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 07:31:53 | 000,348,672 | ---- | C] () -- C:\WINDOWS\apiyadom.dll

========== LOP Check ==========

[2008/05/22 05:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/20 05:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gAcKp06501
[2008/08/24 20:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/03/27 11:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/03/17 20:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/12/07 08:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/15 10:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/25 18:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/10 07:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/02 20:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/11 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/05/08 17:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\acccore
[2009/11/20 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Amazon
[2008/02/09 08:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Canon
[2007/06/21 18:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\CEIVA
[2010/03/28 18:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Facebook
[2008/02/23 14:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Flickr
[2010/11/04 12:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\GetRightToGo
[2007/05/20 15:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Leadertech
[2010/03/27 11:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\pdf995
[2010/07/19 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Research In Motion
[2010/03/27 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TaxCut
[2007/06/21 05:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/05/22 05:12:26 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2007/05/07 18:38:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/23 18:54:02 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/05/07 18:38:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/12/20 19:49:22 | 2129,121,280 | -HS- | M] () -- C:\hiberfil.sys
[2007/05/07 18:38:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/15 10:50:32 | 000,002,114 | -H-- | M] () -- C:\IPH.PH
[2007/05/07 18:38:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 07:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/11 21:57:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/20 19:49:20 | 780,140,544 | -HS- | M] () -- C:\pagefile.sys
[2010/08/23 19:14:33 | 000,000,371 | ---- | M] () -- C:\rkill.log
[2008/05/13 05:11:27 | 000,000,156 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/05/07 12:43:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/07 12:43:41 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/07 12:43:41 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-18 09:01:34

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1357 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA27AABF

< End of report >

OTL Extras logfile created on: 12/20/2010 7:55:47 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.32 Gb Total Space | 3.37 Gb Free Space | 9.82% Space Free | Partition Type: NTFS
Drive E: | 244.71 Mb Total Space | 244.42 Mb Free Space | 99.88% Space Free | Partition Type: FAT

Computer Name: ANDREW-16C4F960 | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0E73F713-7E73-4C6E-B385-4D09DF3B9141}" = Adobe Setup
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2DB97730-FA0D-4911-8E59-737240E84AA9}" = Garmin MapSource
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33F1EEC8-93C8-4CC5-9C33-6698A4A627BA}" = TIPCIxx20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{395768CD-30FF-4A31-86FE-3DA1A5EAED2F}" = Adobe CMM
"{3E06692C-9835-4A72-B157-3084A2EEF158}" = H&R Block Alabama 2009
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5301C483-40FB-4F94-B56E-D7D5A114D2F6}" = Garmin City Navigator North America NT v8
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CC0FE6B-D32D-4536-A7A8-992596A572B4}" = eBook: English Language, Literature, and Composition Content Knowledge Practice Test
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8FD66F0B-38FF-4834-88FF-56DC214A62ED}" = hp deskjet 5800
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}" = Adobe Photoshop Lightroom 2.2
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5EF7396-54AB-4D78-B83D-B211D977BB74}" = TurboTax 2008 waliper
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_20605a51cb0190b8e219bc496fc6aa0" = Adobe CMM
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CEIVA Sender_is1" = CEIVA Sender
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"CSCLIB" = Canon Camera Support Core Library
"Dynamic-Photo HDR (Trial)_is1" = Dynamic-Photo HDR (Trial/Showcase 2.3)
"Dynamic-Photo HDR 4 (Trial)_is1" = Dynamic-Photo HDR Trial 4.1
"EOS Utility" = Canon Utilities EOS Utility
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"FLV Player" = FLV Player 2.0 (build 25)
"GSAK (Geocaching Swiss Army Knife)_is1" = GSAK 7.0.4.17 (Final)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{33F1EEC8-93C8-4CC5-9C33-6698A4A627BA}" = Texas Instruments PCIxx20 drivers.
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"ReDynaMix HDR (Adobe Photoshop Plug-in)_is1" = DCETools - ReDynaMix HDR 1.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Tool2011" = System Tool2011
"SystemRequirementsLab" = System Requirements Lab
"TI-Black Link" = TI-Black Link
"TurboTax 2008" = TurboTax 2008
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2010 9:22:26 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 81707

Error - 12/20/2010 9:22:51 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2010 9:22:51 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 106002

Error - 12/20/2010 9:22:51 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 106002

Error - 12/20/2010 9:23:03 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2010 9:23:03 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 118490

Error - 12/20/2010 9:23:03 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 118490

Error - 12/20/2010 9:23:16 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2010 9:23:16 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 130878

Error - 12/20/2010 9:23:16 PM | Computer Name = ANDREW-16C4F960 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 130878

[ System Events ]
Error - 10/14/2010 10:41:04 PM | Computer Name = ANDREW-16C4F960 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 10/14/2010 10:41:18 PM | Computer Name = ANDREW-16C4F960 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 10/17/2010 7:01:11 PM | Computer Name = ANDREW-16C4F960 | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 10/24/2010 7:37:04 PM | Computer Name = ANDREW-16C4F960 | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20


< End of report >

#4
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi amacemon,

:D

Thanks for posting the logs I requested.

Now please be patient as I hunt down the bugger that disabled your system. ;)

#5
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi amacemon,

Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O4 - HKLM..\Run: [Qrukot] C:\WINDOWS\apiyadom.DLL ()
    O4 - HKCU..\Run: [Aim6] File not found
    O4 - HKCU..\Run: [Hkenuqidefayoqev] C:\WINDOWS\padtsve.DLL (Acronis)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2010/12/20 05:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\{7F8AA636-840D-4B04-84AB-3371E218B197}
    [2010/12/20 05:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gAcKp06501
    [2010/12/20 19:24:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ddewux.dat
    [2010/12/20 05:39:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dlorovujepopep.bin
    @Alternate Data Stream - 1357 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA27AABF
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step Two

Remove the USB stick when performing the succeeding fixes.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step Three

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step Four

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other (removable) drives that you may have.


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report (it will be at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



Step Five

Open OTL again, choose quickscan and post the logs on your next reply. :D
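
As an added example (not code from this thread, from OTL or from its author), here is a small Python triage script that applies the three checks behind Step One's fix to OTL log lines: a browser proxy pointed at 127.0.0.1, O4 Run entries that load a binary straight out of C:\WINDOWS or point at a file that no longer exists, and "no company name" binaries sitting in the Windows root. The sample lines are copied from the logs posted above; the rule names and the heuristics themselves are assumptions of this example, not OTL's own logic.

```python
r"""Triage of OTL log lines (added example, not OTL's or the thread's own code).

OTL prints one file per line:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- C:\path\file
and one autostart per line:
    O4 - HKLM..\Run: [ValueName] C:\path\file (Company)
An empty "()" means the binary carried no company/version information.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<target>.+?)(?: \((?P<company>[^)]*)\))?$"
)
PROXY_RE = re.compile(r'"ProxyServer" = (?P<value>\S+)')
# A .dll/.exe sitting directly in %SystemRoot% (not System32 etc.) is unusual for
# legitimate software; this thread's apiyadom.dll and padtsve.DLL both live there.
WINDOWS_ROOT_BINARY = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.(?:dll|exe)$", re.IGNORECASE)
LOOPBACK = re.compile(r"\b(?:127\.0\.0\.1|localhost)\b", re.IGNORECASE)


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str       # "C" = created listing, "M" = modified listing
    company: str    # "" when OTL printed "()"
    path: str


@dataclass
class Finding:
    rule: str
    detail: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one OTL file line; directory lines (no company field) return None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                     m["kind"], m["company"], m["path"])


def triage(lines: List[str]) -> List[Finding]:
    """Apply the checks behind this thread's OTL fix, reporting in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        entry = parse_file_line(line)
        if entry is not None:
            if entry.company == "" and WINDOWS_ROOT_BINARY.match(entry.path):
                findings.append(Finding("no-company-binary-in-windows-root", entry.path))
            continue
        m = RUN_RE.match(line)
        if m:
            label = f"{m['hive']} [{m['name']}] {m['target']}"
            if m["target"] == "File not found":
                # Stale autostart: harmless by itself, but the fix script removes it.
                findings.append(Finding("orphaned-run-entry", label))
            elif WINDOWS_ROOT_BINARY.match(m["target"]):
                who = m["company"] or "no company name"
                findings.append(Finding("run-entry-loads-windows-root-binary", f"{label} ({who})"))
            continue
        m = PROXY_RE.search(line)
        if m and LOOPBACK.search(m["value"]):
            # A proxy on 127.0.0.1 means something local is relaying the browser's traffic.
            findings.append(Finding("loopback-proxy", m["value"]))
    return findings


# Sample input: lines copied from the OTL excerpts posted in this thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\Run: [Qrukot] C:\WINDOWS\apiyadom.DLL ()
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Hkenuqidefayoqev] C:\WINDOWS\padtsve.DLL (Acronis)
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2004/08/12 07:31:53 | 000,348,672 | ---- | C] () -- C:\WINDOWS\apiyadom.dll
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:40s} {f.detail}")
```

Entries in System32 or with a company name (mbam.sys, OGACheckControl.dll) pass through untouched, which is what keeps the output short enough to read on a full log.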

#6
amacemon

    Member

  • Topic Starter
  • Member
  • 14 posts
OK, after rebooting as required in Step 1, I received the following error: "RUNDLL Error loading C:\WINDOWS\padtsve.dll The specified module could not be found. " Is this something to be concerned with?

I ran TDSSKiller, but no files were found during the scan. Below is the log from that scan.

2010/12/21 17:14:19.0428 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/21 17:14:19.0428 ================================================================================
2010/12/21 17:14:19.0428 SystemInfo:
2010/12/21 17:14:19.0428
2010/12/21 17:14:19.0428 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/21 17:14:19.0428 Product type: Workstation
2010/12/21 17:14:19.0428 ComputerName: ANDREW-16C4F960
2010/12/21 17:14:19.0428 UserName: Andrew
2010/12/21 17:14:19.0428 Windows directory: C:\WINDOWS
2010/12/21 17:14:19.0428 System windows directory: C:\WINDOWS
2010/12/21 17:14:19.0428 Processor architecture: Intel x86
2010/12/21 17:14:19.0428 Number of processors: 1
2010/12/21 17:14:19.0428 Page size: 0x1000
2010/12/21 17:14:19.0428 Boot type: Normal boot
2010/12/21 17:14:19.0428 ================================================================================
2010/12/21 17:14:19.0718 Initialize success
2010/12/21 17:14:35.0101 ================================================================================
2010/12/21 17:14:35.0101 Scan started
2010/12/21 17:14:35.0101 Mode: Manual;
2010/12/21 17:14:35.0101 ================================================================================
2010/12/21 17:14:39.0877 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/21 17:14:39.0938 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/21 17:14:39.0988 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/21 17:14:40.0038 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/21 17:14:40.0098 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/21 17:14:40.0198 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/21 17:14:40.0288 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/21 17:14:40.0378 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/21 17:14:40.0578 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/21 17:14:40.0669 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2010/12/21 17:14:40.0789 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/21 17:14:40.0949 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/12/21 17:14:41.0219 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2010/12/21 17:14:41.0390 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/21 17:14:41.0550 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/21 17:14:41.0660 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/21 17:14:41.0990 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/21 17:14:42.0121 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/21 17:14:42.0201 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/21 17:14:42.0291 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/21 17:14:42.0371 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/21 17:14:42.0451 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/21 17:14:42.0531 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/21 17:14:42.0621 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/21 17:14:42.0712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/21 17:14:42.0812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/21 17:14:42.0902 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/21 17:14:43.0012 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/21 17:14:43.0122 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/21 17:14:43.0252 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/21 17:14:43.0513 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/21 17:14:43.0643 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/12/21 17:14:43.0753 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/12/21 17:14:43.0873 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/12/21 17:14:43.0983 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/12/21 17:14:44.0073 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
2010/12/21 17:14:44.0304 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys
2010/12/21 17:14:44.0384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/21 17:14:44.0454 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/21 17:14:44.0504 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/21 17:14:44.0564 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/21 17:14:44.0644 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/21 17:14:44.0795 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/21 17:14:44.0965 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/21 17:14:45.0045 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/21 17:14:45.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/21 17:14:45.0205 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/21 17:14:45.0295 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/21 17:14:45.0375 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/21 17:14:45.0465 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/21 17:14:45.0576 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/21 17:14:45.0686 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2010/12/21 17:14:46.0036 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/21 17:14:46.0357 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/21 17:14:46.0477 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/21 17:14:46.0587 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/21 17:14:46.0707 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/21 17:14:46.0807 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/21 17:14:46.0918 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/21 17:14:47.0008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/21 17:14:47.0088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/21 17:14:47.0218 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/21 17:14:47.0308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/21 17:14:47.0428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/21 17:14:47.0589 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/21 17:14:47.0709 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/21 17:14:47.0819 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/21 17:14:47.0949 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/21 17:14:48.0049 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/21 17:14:48.0159 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/21 17:14:48.0259 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/21 17:14:48.0340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/21 17:14:48.0510 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/21 17:14:48.0610 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/21 17:14:49.0341 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/21 17:14:49.0431 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/21 17:14:49.0491 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/21 17:14:49.0571 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/21 17:14:49.0852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/21 17:14:49.0942 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/21 17:14:50.0002 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/21 17:14:50.0072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/21 17:14:50.0152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/21 17:14:50.0262 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/21 17:14:50.0363 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/21 17:14:50.0453 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/21 17:14:50.0543 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/21 17:14:50.0743 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/21 17:14:51.0094 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/21 17:14:51.0244 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/21 17:14:51.0304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/21 17:14:51.0384 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/21 17:14:51.0474 SilverLink (392834adb35deb199b03ae6a6caab23a) C:\WINDOWS\system32\Drivers\SilvrLnk.sys
2010/12/21 17:14:51.0664 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/21 17:14:51.0765 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/12/21 17:14:51.0925 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/21 17:14:52.0005 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/21 17:14:52.0175 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/21 17:14:52.0255 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/12/21 17:14:52.0456 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/12/21 17:14:52.0586 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\stac97.sys
2010/12/21 17:14:52.0786 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/21 17:14:52.0856 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/21 17:14:52.0936 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/21 17:14:53.0227 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/21 17:14:53.0407 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/21 17:14:53.0537 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/21 17:14:53.0617 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/21 17:14:53.0707 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/21 17:14:53.0787 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/21 17:14:53.0898 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/12/21 17:14:54.0108 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/12/21 17:14:54.0338 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/12/21 17:14:54.0448 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
2010/12/21 17:14:54.0549 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/12/21 17:14:54.0669 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/12/21 17:14:54.0769 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/12/21 17:14:54.0929 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/12/21 17:14:55.0069 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/12/21 17:14:55.0230 TICalc (0dabaa63799b0bf20f95c73ce5d9ca87) C:\WINDOWS\system32\drivers\TICalc.sys
2010/12/21 17:14:55.0350 tifm (465c92a7cb4fc1885b0018ba6325b463) C:\WINDOWS\system32\drivers\tifm.sys
2010/12/21 17:14:55.0600 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/21 17:14:55.0750 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/21 17:14:55.0840 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/21 17:14:56.0061 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2010/12/21 17:14:56.0351 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/21 17:14:56.0421 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2010/12/21 17:14:56.0722 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/21 17:14:56.0792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/21 17:14:56.0842 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2010/12/21 17:14:57.0052 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/21 17:14:57.0122 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/21 17:14:57.0192 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/21 17:14:57.0262 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2010/12/21 17:14:57.0333 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/21 17:14:57.0403 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/21 17:14:57.0463 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/21 17:14:57.0603 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/21 17:14:57.0703 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/21 17:14:57.0813 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/21 17:14:57.0943 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/21 17:14:58.0294 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/21 17:14:58.0394 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/21 17:14:58.0474 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/21 17:14:58.0544 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/21 17:14:58.0624 ================================================================================
2010/12/21 17:14:58.0624 Scan finished
2010/12/21 17:14:58.0624 ================================================================================
2010/12/21 17:16:07.0614 Deinitialize success



It may not have found anything during the scan because yesterday I ran Malwarebytes on my computer as soon as I could get it booted up. After updating the definitions, I ran a quick scan, and removed all of the files. Below is the log from when I did this yesterday.


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/20/2010 7:47:14 PM
mbam-log-2010-12-20 (19-47-14).txt

Scan type: Quick scan
Objects scanned: 163204
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vWLKdLDhCL.exe (Trojan.FakeAlert.Gen) -> Value: vWLKdLDhCL.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\Andrew\Local Settings\Temp\gghreqcvbn.dll (Trojan.FakeAlert.Gen) -> Delete on reboot.
c:\Documents and Settings\Andrew\Local Settings\Temp\vwlkdldhcl.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Documents and Settings\Andrew\Local Settings\Temp\440060994.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Andrew\application data\Adobe\plugs\kb440019604.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Andrew\application data\Adobe\plugs\kb440069416.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Andrew\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.



I will post the results of steps 4 and 5 soon...

#7
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Is the computer booting normally? (Without the USB stick)

#8
amacemon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
No, I still have to boot from the USB stick.

The AVP Tool by Kaspersky is currently scanning in Safe Mode. Should I let it continue?

#9
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi amacemon,

Do you have the original XP installation disk?

The AVP Tool by Kaspersky is currently scanning in Safe Mode. Should I let it continue?


Yes, proceed with the instructions. :D

Edited by Salagubang, 21 December 2010 - 06:48 PM.


#10
amacemon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yep, I found the XP Pro reinstallation CD that came with the computer.
#11
amacemon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Running the AVP Tool by Kaspersky didn't work well. I tried a few times, and I would come back in and check the computer, and it would be off.
Here is the log:

Autoscan: malfunction (events: 175, objects: , time: 00:00:00)
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Unknown
Autoscan: malfunction (events: 3, objects: 0, time: Unknown)
12/21/2010 6:05:55 PM
12/21/2010 6:00:52 PM Detected: Packed.Win32.Krap.ao C:\Documents and Settings\All Users\Application Data\gAcKp06501\gAcKp06501.exe
12/21/2010 5:46:59 PM Task started
Autoscan: malfunction (events: 1, objects: 0, time: Unknown)
12/21/2010 6:42:44 PM Task started
Autoscan: completed 13 minutes ago (events: 2, objects: 1427, time: 00:06:57)
12/21/2010 7:26:26 PM Task completed
12/21/2010 7:19:27 PM Task started
Autoscan: stopped 12 minutes ago (events: 2, objects: 148, time: 00:00:08)
12/21/2010 7:27:27 PM Task stopped
12/21/2010 7:27:19 PM Task started



Following this, I reran OTL, with the following results.

OTL logfile created on: 12/21/2010 7:41:14 PM - Run 2
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.32 Gb Total Space | 6.44 Gb Free Space | 18.76% Space Free | Partition Type: NTFS
Drive E: | 244.71 Mb Total Space | 244.42 Mb Free Space | 99.88% Space Free | Partition Type: FAT

Computer Name: ANDREW-16C4F960 | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/01 13:55:56 | 000,330,256 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Andrew\Desktop\Virus Removal Tool\setup_9.0.0.722_22.12.2010_00-31\setup_9.0.0.722_22.12.2010_00-31.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/07/21 16:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/01/07 00:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/06/26 05:17:34 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 17:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/06 19:37:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\86015202.sys -- (86015202)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\8601520.sys -- (setup_9.0.0.722_22.12.2010_00-31drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\86015201.sys -- (86015201)
DRV - [2008/06/18 09:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/16 17:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/07/21 11:42:08 | 000,055,808 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm)
DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 14:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/08/13 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 00:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
DRV - [2000/02/22 16:46:40 | 000,009,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\Ticalc.sys -- (TICalc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\{7F8AA636-840D-4B04-84AB-3371E218B197}: C:\Documents and Settings\Andrew\Local Settings\Application Data\{7F8AA636-840D-4B04-84AB-3371E218B197}


O1 HOSTS File: ([2010/12/21 17:01:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Hkenuqidefayoqev] C:\WINDOWS\padtsve.DLL File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\setup_9.0.0.722_22.12.2010_00-31.lnk = C:\Documents and Settings\Andrew\Desktop\Virus Removal Tool\setup_9.0.0.722_22.12.2010_00-31\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1180738616585 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} http://h30155.www3.h...hp.cab?1,0,0,94 (HP Content Update)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/07 18:38:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{432aa050-c987-11df-b7c8-000f1fb0c6c6}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{6fe49f2d-fe7f-11db-b6f5-000b7d163561}\Shell - "" = AutoRun
O33 - MountPoints2\{6fe49f2d-fe7f-11db-b6f5-000b7d163561}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6fe49f2d-fe7f-11db-b6f5-000b7d163561}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/21 17:40:38 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\8601520.sys
[2010/12/21 17:40:38 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\86015201.sys
[2010/12/21 17:40:38 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\86015202.sys
[2010/12/21 17:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\Virus Removal Tool
[2010/12/21 17:34:31 | 086,477,704 | ---- | C] ( ) -- C:\Documents and Settings\Andrew\Desktop\setup_9.0.0.722_22.12.2010_00-31.exe
[2010/12/21 17:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\tdsskiller
[2010/12/21 17:01:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/20 19:54:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/12/20 05:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gAcKp06501
[2010/12/16 05:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/16 05:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/16 05:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2010/12/21 19:37:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/21 19:35:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/21 19:35:46 | 2129,121,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/21 17:42:47 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\setup_9.0.0.722_22.12.2010_00-31.lnk
[2010/12/21 17:34:31 | 086,477,704 | ---- | M] ( ) -- C:\Documents and Settings\Andrew\Desktop\setup_9.0.0.722_22.12.2010_00-31.exe
[2010/12/21 17:31:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003UA.job
[2010/12/21 17:13:00 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
[2010/12/21 17:01:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/21 09:31:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003Core.job
[2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/12/20 19:37:27 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/20 19:37:27 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/19 11:15:38 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\2010 family christmas gifts.xls
[2010/12/15 19:44:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 03:23:05 | 000,179,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 03:06:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 01:32:10 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Google Chrome.lnk
[2010/12/15 01:32:10 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/14 20:11:49 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Microsoft Word.lnk
[2010/12/11 22:36:32 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 19:52:10 | 000,108,642 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\pic.jpg
[2010/12/07 21:18:48 | 005,885,307 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\MacemonFamilyHistoryProject.pdf
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/28 15:27:02 | 000,141,229 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ISE__690_Homework_number_7_Solutions7.docx
[2010/11/28 10:30:26 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\christmas list.xls
[2010/11/27 17:16:15 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ISE 627 Homework 3-Macemon.doc
[2010/11/24 14:51:23 | 061,437,952 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\MomDad.mpg
[2010/11/23 09:49:55 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\Mboro baby shower.xls

========== Files Created - No Company Name ==========

[2010/12/21 19:35:46 | 2129,121,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/21 17:42:47 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\setup_9.0.0.722_22.12.2010_00-31.lnk
[2010/12/21 17:12:55 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
[2010/12/10 19:52:20 | 000,108,642 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\pic.jpg
[2010/12/07 21:18:48 | 005,885,307 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\MacemonFamilyHistoryProject.pdf
[2010/11/28 15:27:02 | 000,141,229 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ISE__690_Homework_number_7_Solutions7.docx
[2010/11/27 17:16:14 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ISE 627 Homework 3-Macemon.doc
[2010/11/24 14:51:23 | 061,437,952 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\MomDad.mpg
[2010/07/19 19:42:23 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\BBMS_EXCEPTION.txt
[2010/03/27 11:41:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/27 11:40:38 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/03/27 11:40:38 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/02/07 16:37:49 | 000,009,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\Ticalc.sys
[2010/01/26 21:56:02 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/06/08 09:57:06 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/08 09:57:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/12 12:00:37 | 000,000,103 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/05/30 18:19:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/30 17:56:08 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/05/30 17:56:08 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/05/30 17:53:41 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2007/05/30 17:52:58 | 000,007,877 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2007/05/11 13:37:58 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/10 19:38:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2007/05/09 16:49:57 | 000,000,375 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/08 19:13:47 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/08 18:37:20 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/05/07 20:24:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/05/07 20:24:17 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/05/07 18:55:13 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/05/07 12:45:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/22 12:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/05/22 05:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/21 18:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gAcKp06501
[2008/08/24 20:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/03/27 11:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/03/17 20:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/12/07 08:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/15 10:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/25 18:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/10 07:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/02 20:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/11 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/05/08 17:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\acccore
[2009/11/20 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Amazon
[2008/02/09 08:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Canon
[2007/06/21 18:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\CEIVA
[2010/03/28 18:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Facebook
[2008/02/23 14:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Flickr
[2010/11/04 12:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\GetRightToGo
[2007/05/20 15:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Leadertech
[2010/03/27 11:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\pdf995
[2010/07/19 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Research In Motion
[2010/03/27 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TaxCut
[2007/06/21 05:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Viewpoint

========== Purity Check ==========



< End of report >
  • 0

#12
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi amacemon,

Please run OTL again, click on the "none" button, copy and paste the following in the custom scan:

type C:\boot.ini >> test.txt /c

Click on the run scan then post the result.

Edited by Salagubang, 21 December 2010 - 08:16 PM.

  • 0

#13
amacemon

amacemon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the results of the scan you just described:

OTL logfile created on: 12/21/2010 8:36:01 PM - Run 3
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.32 Gb Total Space | 6.40 Gb Free Space | 18.65% Space Free | Partition Type: NTFS
Drive E: | 244.71 Mb Total Space | 244.42 Mb Free Space | 99.88% Space Free | Partition Type: FAT

Computer Name: ANDREW-16C4F960 | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< type C:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

< End of report >
  • 0
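The custom scan above dumps boot.ini so the helper can confirm that the `default=` entry in `[boot loader]` points at an entry that actually exists under `[operating systems]` and that the ARC path names a sensible partition. The script below is an added example, not part of the thread and not OTL or ComboFix code; it parses a boot.ini, decodes the `multi()disk()rdisk()partition()` ARC path, and reports the kinds of inconsistencies that would leave the loader with nothing to start. The sample text is constructed to match the boot.ini posted above; the function names are my own.

```python
"""Parse a Windows XP boot.ini and sanity-check its [operating systems] entries.

Added example for this thread; not code from OTL, ComboFix or the forum.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: same content as the boot.ini posted in the thread.
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

# ARC path as used by NTLDR: multi(adapter)disk(n)rdisk(n)partition(n)\dir
ARC_RE = re.compile(
    r"^(multi|scsi|signature)\((?P<adapter>[0-9a-fA-F]+)\)disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)(?P<path>\\.*)$"
)


def parse_boot_ini(text: str) -> Dict[str, Dict[str, str]]:
    """Return {section: {key: value}} for an INI-style boot.ini.

    Only the first '=' splits key from value, because [operating systems]
    entries contain further '=' characters in their switches.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current][key.strip()] = value.strip()
    return sections


def parse_arc_path(arc: str) -> Dict[str, str]:
    """Split an ARC path into its components; raise ValueError if malformed."""
    m = ARC_RE.match(arc)
    if not m:
        raise ValueError(f"not an ARC path: {arc!r}")
    return m.groupdict()


def check_boot_ini(text: str) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings: List[str] = []
    cfg = parse_boot_ini(text)
    loader = cfg.get("boot loader", {})
    systems = cfg.get("operating systems", {})
    default = loader.get("default")
    if default is None:
        findings.append("no default= in [boot loader]")
    elif default not in systems:
        findings.append(f"default {default} has no matching [operating systems] entry")
    if not systems:
        findings.append("[operating systems] is empty")
    for arc, rest in systems.items():
        try:
            parts = parse_arc_path(arc)
        except ValueError as e:
            findings.append(str(e))
            continue
        if not parts["path"].upper().startswith("\\WINDOWS"):
            findings.append(f"{arc}: unusual system directory {parts['path']}")
        # Each entry is a quoted description followed by optional switches.
        if not rest.startswith('"'):
            findings.append(f"{arc}: description is not quoted: {rest}")
    return findings


def boot_partition(text: str) -> Tuple[int, int]:
    """(rdisk, partition) of the default entry; (0, 2) for the posted file."""
    cfg = parse_boot_ini(text)
    parts = parse_arc_path(cfg["boot loader"]["default"])
    return int(parts["rdisk"]), int(parts["partition"])


if __name__ == "__main__":
    print("findings:", check_boot_ini(SAMPLE_BOOT_INI) or "none")
    print("default boots from rdisk/partition:", boot_partition(SAMPLE_BOOT_INI))
```

For the posted file the checker returns no findings and reports that the default entry boots from `rdisk(0)`, `partition(2)`; whether partition 2 is really the Windows partition on that disk is something the parser cannot know, which is why the helper also asked for the other tools' output.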

#14
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi amacemon,

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#15
amacemon

amacemon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OK, I ran ComboFix. Here is the log. I want to thank you for all of the help you have provided me, and the time you have put into helping me.





ComboFix 10-12-22.01 - Andrew 12/22/2010 16:42:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1538 [GMT -6:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Andrew\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Andrew\Application Data\Adobe\plugs

.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-21 23:40 . 2009-10-22 18:54 37392 ----a-w- c:\windows\system32\drivers\86015202.sys
2010-12-21 23:40 . 2009-10-10 04:31 315408 ----a-w- c:\windows\system32\drivers\8601520.sys
2010-12-21 23:40 . 2009-09-25 22:59 128016 ----a-w- c:\windows\system32\drivers\86015201.sys
2010-12-21 23:01 . 2010-12-21 23:01 -------- d-----w- C:\_OTL
2010-12-20 11:37 . 2010-12-22 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\gAcKp06501
2010-12-16 11:49 . 2010-12-16 11:49 -------- d-----w- c:\program files\iPod
2010-12-16 11:49 . 2010-12-16 11:51 -------- d-----w- c:\program files\iTunes
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-16 11:39 . 2010-12-16 11:41 -------- d-----w- c:\program files\QuickTime
2010-12-15 00:57 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 00:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-08-24 01:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-08-24 01:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2007-05-08 00:35 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-06 00:26 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-12 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-12 13:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-12 13:17 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-12 13:33 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 21:44 . 2009-12-03 01:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 21:44 . 2009-12-03 01:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-17 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-06-26 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\Andrew\Start Menu\Programs\Startup\
setup_9.0.0.722_22.12.2010_00-31.lnk - c:\documents and settings\Andrew\Desktop\Virus Removal Tool\setup_9.0.0.722_22.12.2010_00-31\startup.exe [2010-12-21 72208]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 86015202;86015202 Boot Guard Driver;c:\windows\system32\drivers\86015202.sys [12/21/2010 5:40 PM 37392]
R1 86015201;86015201;c:\windows\system32\drivers\86015201.sys [12/21/2010 5:40 PM 128016]
R1 setup_9.0.0.722_22.12.2010_00-31drv;setup_9.0.0.722_22.12.2010_00-31drv;c:\windows\system32\drivers\8601520.sys [12/21/2010 5:40 PM 315408]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/31/2007 5:39 AM 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003Core.job
- c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 15:21]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003UA.job
- c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 15:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Hkenuqidefayoqev - c:\windows\padtsve.dll
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 16:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$**%\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[%**]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[%**\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-22 16:59:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-22 22:58

Pre-Run: 6,872,907,776 bytes free
Post-Run: 6,733,361,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3C1F6DF550702BFFDA732640891657C4
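The ComboFix report in the post above lists autostart values in the shape `"Name"="path" [date size]` (the bracket is present for every target that exists on disk) and, under ORPHANS REMOVED, values in the shape `HIVE-Run-Name - path`; the one it removed from HKCU pointed at a DLL sitting directly in c:\windows under a value name that reads like a random string. As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that parses those two line shapes from a constructed sample (a few lines shaped after the log, plus one hypothetical Run value with no [date size] bracket) and flags entries with heuristics that are my own assumptions rather than ComboFix rules: a DLL as a Run target, a file in the root of c:\windows, a Run value with no file metadata, an orphaned value, and a long single-token name with no internal capitals. None of the flags proves infection on its own; the point is to make the same cross-checks a helper does by eye repeatable over a whole log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line shapes copied from the ComboFix report format seen in the post:
#   "Name"="path" [YYYY-MM-DD size]   (Run values; bracket present when the file exists)
#   HIVE-Run-Name - path              (ORPHANS REMOVED section)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$'
)
ORPHAN_RE = re.compile(
    r'^(?P<hive>HKCU|HKLM|HKU-Default)-Run-(?P<name>.+?)\s+-\s+(?P<path>.+?)\s*$'
)

# Constructed sample shaped after the report above; not the full log. The fourth
# line is hypothetical: a Run value printed without a [date size] bracket, i.e.
# the target file was not found at scan time.
SAMPLE = r'''
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Hkenuqidefayoqev"="c:\windows\padtsve.dll"
HKCU-Run-Hkenuqidefayoqev - c:\windows\padtsve.dll
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
'''


@dataclass
class Autostart:
    source: str                       # "Run" or "orphan:<hive>"
    name: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_autostarts(text: str) -> List[Autostart]:
    """Pick Run values and orphan lines out of report text; ignore everything else."""
    entries: List[Autostart] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            size = int(m["size"]) if m["size"] else None
            entries.append(Autostart("Run", m["name"], m["path"], m["date"], size))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Autostart(f"orphan:{m['hive']}", m["name"], m["path"]))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic (assumption, not a ComboFix rule): one long alphabetic token with no
    digits, spaces or internal capitals. Vendor names in the log such as
    UpdateManager or SunJavaUpdateSched keep their internal capitals and pass."""
    return bool(re.fullmatch(r"[A-Za-z][a-z]{11,}", name))


def triage(entry: Autostart) -> Autostart:
    """Attach heuristic flags to one entry. Flags are hints for a human, not verdicts."""
    path = entry.path.lower()
    parent, _, fname = path.rpartition("\\")
    if fname.endswith(".dll"):
        entry.flags.append("dll_as_run_target")     # Run values normally start an .exe
    if parent in ("c:\\windows", "%windir%"):
        entry.flags.append("file_in_windir_root")   # legit targets in the log sit in subfolders
    if entry.source == "Run" and entry.date is None:
        entry.flags.append("no_file_metadata")      # every existing target carries [date size]
    if entry.source.startswith("orphan:"):
        entry.flags.append("orphaned_value")        # low severity alone (Picasa orphan is benign)
    if looks_random(entry.name):
        entry.flags.append("random_looking_name")
    return entry


def scan(text: str) -> Dict[Tuple[str, str], List[str]]:
    """Return {(source, name): sorted flags} for every entry that raised a flag."""
    flagged: Dict[Tuple[str, str], List[str]] = {}
    for entry in (triage(e) for e in parse_autostarts(text)):
        if entry.flags:
            flagged[(entry.source, entry.name)] = sorted(entry.flags)
    return flagged


if __name__ == "__main__":
    for key, flags in scan(SAMPLE).items():
        print(key, flags)
```

Feed it a whole saved ComboFix.txt instead of SAMPLE and the output is a short list of the values worth asking about; entries that collect several flags at once (DLL target, c:\windows root, missing metadata and a random-looking name together) are the ones to submit for a look, while a lone orphaned_value on a known product is usually just a leftover from an uninstall.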