XP won't boot, only blinking cursor


This topic is locked

#16 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
Hi amacemon,

1. Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
You're going to proceed until you see the following screen, at which point you will press the R key to enter the recovery console:

[screenshot not preserved]

3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number 1?).
Select the installation number, and hit Enter.
If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
You will be greeted with this screen, which indicates a recovery console at the ready:

[screenshot not preserved]

4. In the command prompt, type this in:

fixmbr

5. Type "Exit" and reboot the computer in normal mode (without the USB stick).

Update me how the computer is running. :D
#17 amacemon (Member, Topic Starter, 14 posts)
After typing fixmbr, it says the following:

"Caution

This computer appears to have a non-standard or invalid master boot record.

FIXMBR may damage your partition tables if you proceed.

This could cause all the partitions on the current hard disk to become inaccessible.

IF you are not having problems accessing your drive, do not continue.

Are you sure you want to write a new MBR?"

Should I continue?
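The caution above is FIXMBR's way of saying the partition table or boot signature in the first sector does not look standard. The script below, added here as an illustration and not part of the thread or of the Recovery Console, shows what such a sanity check involves: it parses a 512-byte MBR, verifies the 0x55AA signature and checks the four partition entries for the usual consistency rules. The two sectors it checks are constructed; the "\\.\PhysicalDrive0" path it accepts is the Windows raw-disk device, which needs Administrator rights to open.

```python
"""Sanity-check a 512-byte master boot record the way a responder would before
overwriting it: is the 0x55AA signature present, and does the partition table
look standard? Added example, not part of this thread or of the Recovery Console;
the two sectors below are constructed, not read from the poster's disk."""
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446              # the partition table follows 446 bytes of boot code
ENTRY_FMT = "<B3xB3xII"         # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)   # 16 bytes per entry, four entries
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partitions(mbr):
    """Return the four partition table entries as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + i * ENTRY_SIZE)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr):
    """Return a list of problems; an empty list means the sector looks like a standard MBR."""
    if len(mbr) != SECTOR_SIZE:
        return [f"sector is {len(mbr)} bytes, expected {SECTOR_SIZE}"]
    problems = []
    if mbr[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    if not any(mbr[:TABLE_OFFSET]):
        problems.append("boot code area is all zeros")
    active, extents = 0, []
    for i, p in enumerate(parse_partitions(mbr)):
        if p["status"] not in (0x00, 0x80):      # only "inactive" and "active" are legal
            problems.append(f"entry {i}: invalid status byte 0x{p['status']:02x}")
        if p["status"] == 0x80:
            active += 1
        if p["type"] == 0x00:                    # unused slot: everything else should be zero
            if p["lba_start"] or p["sectors"]:
                problems.append(f"entry {i}: type 0 but non-zero extent")
            continue
        if p["sectors"] == 0:
            problems.append(f"entry {i}: zero-length partition")
        if p["lba_start"] == 0:
            problems.append(f"entry {i}: starts at LBA 0, overlapping the MBR itself")
        extents.append((i, p["lba_start"], p["lba_start"] + p["sectors"]))
    if active > 1:
        problems.append(f"{active} active partitions (at most one expected)")
    for a in range(len(extents)):                # pairwise overlap check on used slots
        for b in range(a + 1, len(extents)):
            ia, sa, ea = extents[a]
            ib, sb, eb = extents[b]
            if sa < eb and sb < ea:
                problems.append(f"entries {ia} and {ib} overlap")
    return problems


def build_mbr(entries, boot_code=b"\xfa\x33\xc0\x8e\xd0", signature=BOOT_SIGNATURE):
    """Assemble a constructed MBR image from (status, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code          # a few bytes of stand-in boot code
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE, *entry)
    sector[510:512] = signature
    return bytes(sector)


# Constructed samples: a single NTFS partition laid out as XP would, and a damaged
# table with two active, overlapping partitions, a bad status byte and no signature.
GOOD_MBR = build_mbr([(0x80, 0x07, 63, 71987337)])
BAD_MBR = build_mbr([(0x80, 0x07, 63, 1000), (0x80, 0x07, 500, 1000), (0x41, 0x00, 0, 0)],
                    signature=b"\x00\x00")

if __name__ == "__main__":
    # With a path (a raw disk image, or \\.\PhysicalDrive0 run as Administrator)
    # check that sector; otherwise check the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            samples = {sys.argv[1]: fh.read(SECTOR_SIZE)}
    else:
        samples = {"GOOD_MBR": GOOD_MBR, "BAD_MBR": BAD_MBR}
    for name, sector in samples.items():
        print(name, "->", "; ".join(check_mbr(sector)) or "looks standard")
```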

#18 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
Yes.

#19 amacemon (Member, Topic Starter, 14 posts)
It booted up normally!!!! Thank you so much! You have been a tremendous help, and are definitely a life saver.

Is there anything else that I need to do?

#20 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)

"Is there anything else that I need to do?"
Yes, there are still leftovers that need to be taken care of.

In the meantime, you may retry the AVP scan while I put together a fix for approval.

:D

#21 amacemon (Member, Topic Starter, 14 posts)
Is it necessary to run the AVP scan in safe mode, as I did before?

Edited by amacemon, 22 December 2010 - 10:01 PM.


#22 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)

"do I have to run the AVP scan in safemode?"
It is preferred, but doing the scan using normal mode is OK.

#23 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
Hi amacemon,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::
c:\documents and settings\All Users\Application Data\gAcKp06501

Registry::

Driver::

RegLock::
[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$**%\OpenWithList]
[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[%**]
[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[%**\OpenWithList]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe

[screenshot not preserved]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


NEXT

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Post a fresh OTL scan.


Tell me how the computer is running?
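When the helper reads the ComboFix log that this script produces, one thing they compare is the script's RegLock:: targets against the LOCKED REGISTRY KEYS section of the log, to see which keys are still locked after the run. The following script, added here as an illustration and not part of the thread or of ComboFix, automates that comparison; the CFScript and log excerpt it works on are constructed from the text of this thread, trimmed to two keys of each kind.

```python
"""Reconcile a ComboFix CFScript with the ComboFix log it produced: which RegLock::
targets the post-run log still lists under LOCKED REGISTRY KEYS, and which are gone.
Added example for this thread, not ComboFix's own code; the script and log excerpt
below are constructed from the text of the thread (keys trimmed to two per kind)."""
import re

SECTION_RE = re.compile(r"^(\w+)::$")          # CFScript section header, e.g. "RegLock::"
KEY_LINE_RE = re.compile(r"^\[(.+)\]$")        # a bracketed registry key path
LOCKED_HEADER = "--------------------- LOCKED REGISTRY KEYS ---------------------"
SECTION_RULE = "---------------------"         # every ComboFix log section rule starts like this


def parse_cfscript(text):
    """Map each CFScript section name (File, Folder, Registry, Driver, RegLock) to its entries."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def locked_keys_from_log(log_text):
    """Return the registry key paths ComboFix printed in its LOCKED REGISTRY KEYS section."""
    keys, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == LOCKED_HEADER:
            in_section = True
        elif in_section and line.startswith(SECTION_RULE):
            break                               # reached the next section of the log
        elif in_section:
            key = KEY_LINE_RE.match(line)
            if key:                             # value lines such as @Class="Shell" are skipped
                keys.append(key.group(1))
    return keys


def reconcile(cfscript_text, log_text):
    """Split the script's RegLock:: targets into (still_locked, cleared); the comparison is
    case-insensitive because registry key paths are."""
    targets = []
    for entry in parse_cfscript(cfscript_text).get("RegLock", []):
        key = KEY_LINE_RE.match(entry)
        if key is None:
            raise ValueError(f"RegLock:: entry is not a bracketed key: {entry!r}")
        targets.append(key.group(1))
    locked = {k.lower() for k in locked_keys_from_log(log_text)}
    still_locked = [t for t in targets if t.lower() in locked]
    cleared = [t for t in targets if t.lower() not in locked]
    return still_locked, cleared


# Constructed sample script, trimmed from the one posted in this thread.
SAMPLE_CFSCRIPT = r"""
Folder::
c:\documents and settings\All Users\Application Data\gAcKp06501

RegLock::
[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$**%\OpenWithList]
[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[%**]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
"""

# Constructed excerpt of a post-run ComboFix log, in the layout the thread's log shows.
SAMPLE_LOG = r"""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$**%\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"

[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[%**]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\BCMLogon.dll
"""

if __name__ == "__main__":
    locked, gone = reconcile(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    print("still locked after the run:", *locked, sep="\n  ")
    print("no longer reported locked:", *gone, sep="\n  ")
```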

#24 amacemon (Member, Topic Starter, 14 posts)
Merry Christmas!

The Combofix log is below:

ComboFix 10-12-24.01 - Andrew 12/24/2010 13:37:38.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1568 [GMT -6:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\gAcKp06501
c:\documents and settings\All Users\Application Data\gAcKp06501\gAcKp06501

.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-23 03:58 . 2009-10-22 18:54 37392 ----a-w- c:\windows\system32\drivers\07575242.sys
2010-12-23 03:58 . 2009-10-10 04:31 315408 ----a-w- c:\windows\system32\drivers\0757524.sys
2010-12-23 03:58 . 2009-09-25 22:59 128016 ----a-w- c:\windows\system32\drivers\07575241.sys
2010-12-21 23:01 . 2010-12-21 23:01 -------- d-----w- C:\_OTL
2010-12-16 11:49 . 2010-12-16 11:49 -------- d-----w- c:\program files\iPod
2010-12-16 11:49 . 2010-12-16 11:51 -------- d-----w- c:\program files\iTunes
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-16 11:41 . 2010-12-16 11:41 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-16 11:39 . 2010-12-16 11:41 -------- d-----w- c:\program files\QuickTime
2010-12-15 00:57 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 00:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-08-24 01:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-08-24 01:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2007-05-08 00:35 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-06 00:26 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-12 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-12 13:24 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-12 13:17 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-12 13:33 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 21:44 . 2009-12-03 01:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 21:44 . 2009-12-03 01:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-17 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-06-26 188416]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\Andrew\Start Menu\Programs\Startup\
setup_9.0.0.722_23.12.2010_06-28.lnk - c:\documents and settings\Andrew\Desktop\Virus Removal Tool\setup_9.0.0.722_23.12.2010_06-28\startup.exe [2010-12-22 72208]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 07575242;07575242 Boot Guard Driver;c:\windows\system32\drivers\07575242.sys [12/22/2010 9:58 PM 37392]
R1 07575241;07575241;c:\windows\system32\drivers\07575241.sys [12/22/2010 9:58 PM 128016]
R1 setup_9.0.0.722_23.12.2010_06-28drv;setup_9.0.0.722_23.12.2010_06-28drv;c:\windows\system32\drivers\0757524.sys [12/22/2010 9:58 PM 315408]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/31/2007 5:39 AM 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003Core.job
- c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 15:21]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003UA.job
- c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-17 15:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 13:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*$**%\OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[%**]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1844237615-152049171-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*[%**\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-12-24 13:47:22
ComboFix-quarantined-files.txt 2010-12-24 19:47
ComboFix2.txt 2010-12-22 22:59

Pre-Run: 6,498,054,144 bytes free
Post-Run: 6,486,921,216 bytes free

- - End Of File - - 9C39A9EC22B6E65911183B7F710117C7



MBAM Report is below:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5391

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/24/2010 2:03:16 PM
mbam-log-2010-12-24 (14-03-16).txt

Scan type: Quick scan
Objects scanned: 157895
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




OTL Scan is below:

OTL logfile created on: 12/24/2010 2:11:30 PM - Run 4
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.32 Gb Total Space | 5.99 Gb Free Space | 17.46% Space Free | Partition Type: NTFS

Computer Name: ANDREW-16C4F960 | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/07/21 16:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 07:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 12:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 12:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 02:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/06/26 05:17:34 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 17:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/06 19:37:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/30 07:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 07:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 12:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Andrew\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\07575242.sys -- (07575242)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\0757524.sys -- (setup_9.0.0.722_23.12.2010_06-28drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\07575241.sys -- (07575241)
DRV - [2008/06/18 09:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/16 17:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/30 07:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 07:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 07:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 07:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 07:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 07:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/07/21 11:42:08 | 000,055,808 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm)
DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 14:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/08/13 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 00:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
DRV - [2000/02/22 16:46:40 | 000,009,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\Ticalc.sys -- (TICalc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\{7F8AA636-840D-4B04-84AB-3371E218B197}: C:\Documents and Settings\Andrew\Local Settings\Application Data\{7F8AA636-840D-4B04-84AB-3371E218B197}


O1 HOSTS File: ([2010/12/24 13:44:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_06-28.lnk = C:\Documents and Settings\Andrew\Desktop\Virus Removal Tool\setup_9.0.0.722_23.12.2010_06-28\startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1180738616585 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} http://h30155.www3.h...hp.cab?1,0,0,94 (HP Content Update)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/07 18:38:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 21:58:43 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\07575242.sys
[2010/12/22 21:58:42 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\0757524.sys
[2010/12/22 21:58:42 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\07575241.sys
[2010/12/22 21:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\Virus Removal Tool
[2010/12/22 21:57:58 | 086,592,112 | ---- | C] ( ) -- C:\Documents and Settings\Andrew\Desktop\setup_9.0.0.722_23.12.2010_06-28.exe
[2010/12/22 16:38:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/22 16:32:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/22 16:32:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/22 16:32:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/22 16:32:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/22 16:32:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/22 16:31:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/21 17:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\tdsskiller
[2010/12/21 17:01:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/20 19:54:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/12/16 05:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/16 05:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/16 05:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2010/12/24 13:52:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/24 13:52:10 | 2129,121,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/24 13:52:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/24 13:44:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/24 13:32:57 | 003,998,064 | R--- | M] () -- C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
[2010/12/24 13:31:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003UA.job
[2010/12/22 22:00:58 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_06-28.lnk
[2010/12/22 21:57:58 | 086,592,112 | ---- | M] ( ) -- C:\Documents and Settings\Andrew\Desktop\setup_9.0.0.722_23.12.2010_06-28.exe
[2010/12/22 16:38:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/22 09:31:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-854245398-1003Core.job
[2010/12/21 17:13:00 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
[2010/12/20 19:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/12/20 19:37:27 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/20 19:37:27 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 11:15:38 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\2010 family christmas gifts.xls
[2010/12/15 19:44:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 03:23:05 | 000,179,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 03:06:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/15 01:32:10 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Google Chrome.lnk
[2010/12/15 01:32:10 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/14 20:11:49 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Microsoft Word.lnk
[2010/12/11 22:36:32 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 19:52:10 | 000,108,642 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\pic.jpg
[2010/12/07 21:18:48 | 005,885,307 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\MacemonFamilyHistoryProject.pdf
[2010/11/28 15:27:02 | 000,141,229 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ISE__690_Homework_number_7_Solutions7.docx
[2010/11/28 10:30:26 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\christmas list.xls
[2010/11/27 17:16:15 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ISE 627 Homework 3-Macemon.doc
[2010/11/24 14:51:23 | 061,437,952 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\MomDad.mpg

========== Files Created - No Company Name ==========

[2010/12/24 13:12:38 | 2129,121,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/22 22:00:58 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\setup_9.0.0.722_23.12.2010_06-28.lnk
[2010/12/22 16:38:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/22 16:38:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/22 16:32:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/22 16:32:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/22 16:32:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/22 16:32:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/22 16:32:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/22 16:22:49 | 003,998,064 | R--- | C] () -- C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
[2010/12/21 17:12:55 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
[2010/12/10 19:52:20 | 000,108,642 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\pic.jpg
[2010/12/07 21:18:48 | 005,885,307 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\MacemonFamilyHistoryProject.pdf
[2010/11/28 15:27:02 | 000,141,229 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ISE__690_Homework_number_7_Solutions7.docx
[2010/11/27 17:16:14 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ISE 627 Homework 3-Macemon.doc
[2010/11/24 14:51:23 | 061,437,952 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\MomDad.mpg
[2010/07/19 19:42:23 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\BBMS_EXCEPTION.txt
[2010/03/27 11:41:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/03/27 11:40:38 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/03/27 11:40:38 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/02/07 16:37:49 | 000,009,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\Ticalc.sys
[2010/01/26 21:56:02 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/06/08 09:57:06 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/08 09:57:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/12 12:00:37 | 000,000,103 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/05/30 18:19:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/30 17:56:08 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/05/30 17:56:08 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/05/30 17:53:41 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2007/05/30 17:52:58 | 000,007,877 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2007/05/11 13:37:58 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/10 19:38:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2007/05/09 16:49:57 | 000,000,375 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/08 19:13:47 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/08 18:37:20 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/05/07 20:24:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/05/07 20:24:17 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/05/07 18:55:13 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/05/07 12:45:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/22 12:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2008/05/22 05:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/08/24 20:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/03/27 11:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/03/17 20:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/12/07 08:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/15 10:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/25 18:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/10 07:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/02 20:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/11 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/05/08 17:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\acccore
[2009/11/20 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Amazon
[2008/02/09 08:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Canon
[2007/06/21 18:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\CEIVA
[2010/03/28 18:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Facebook
[2008/02/23 14:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Flickr
[2010/11/04 12:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\GetRightToGo
[2007/05/20 15:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Leadertech
[2010/03/27 11:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\pdf995
[2010/07/19 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Research In Motion
[2010/03/27 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TaxCut
[2007/06/21 05:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Viewpoint

========== Purity Check ==========



< End of report >
  • 0

#25
amacemon

amacemon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Tell me how the computer is running?

The computer seems to be running well. By the way, I finally got the AVP to run completely.
Here is the log from that:

Autoscan: completed 2 hours ago (events: 14, objects: 245755, time: 02:38:16)
12/24/2010 9:12:01 AM Task started
12/24/2010 10:23:42 AM Detected: Trojan.Win32.Vilsel.ajgl C:\Program Files\AIM6\addressBook.exe
12/24/2010 10:23:42 AM Untreated: Trojan.Win32.Vilsel.ajgl C:\Program Files\AIM6\addressBook.exe Postponed
12/24/2010 11:02:28 AM Detected: Packed.Win32.Krap.ao C:\System Volume Information\_restore{131B875A-7287-4872-BE8C-8513B37682EC}\RP1253\A0065660.exe
12/24/2010 11:02:28 AM Untreated: Packed.Win32.Krap.ao C:\System Volume Information\_restore{131B875A-7287-4872-BE8C-8513B37682EC}\RP1253\A0065660.exe Postponed
12/24/2010 11:03:13 AM Detected: Trojan.Win32.Vilsel.ajgl C:\System Volume Information\_restore{131B875A-7287-4872-BE8C-8513B37682EC}\RP1253\A0070986.exe
12/24/2010 11:03:13 AM Untreated: Trojan.Win32.Vilsel.ajgl C:\System Volume Information\_restore{131B875A-7287-4872-BE8C-8513B37682EC}\RP1253\A0070986.exe Postponed
12/24/2010 11:50:06 AM Detected: HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\12212010_170106\C_WINDOWS\padtsve.dll
12/24/2010 11:50:06 AM Untreated: HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\12212010_170106\C_WINDOWS\padtsve.dll Postponed
12/24/2010 11:50:07 AM Detected: Trojan.Win32.Vilsel.ajgl C:\System Volume Information\_restore{131B875A-7287-4872-BE8C-8513B37682EC}\RP1253\A0070986.exe
12/24/2010 11:50:18 AM Deleted: Trojan.Win32.Vilsel.ajgl C:\System Volume Information\_restore{131B875A-7287-4872-BE8C-8513B37682EC}\RP1253\A0070986.exe
12/24/2010 11:50:18 AM Detected: HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\12212010_170106\C_WINDOWS\padtsve.dll
12/24/2010 11:50:23 AM Deleted: HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\12212010_170106\C_WINDOWS\padtsve.dll
12/24/2010 11:50:23 AM Task completed

  • 0
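In the AVP log above, some objects end as Deleted while others are only Untreated/Postponed; the latter are what the helper's manual OTL fix has to deal with (the AIM6 folder, the infected restore point). Added example, not from the thread or from Kaspersky: a small Python triage script that parses lines in this log format, works out each object's final outcome and tags each leftover with the category of follow-up it needs; the log text is a constructed sample with the same line shape as the one posted.

```python
import re
from collections import namedtuple
from typing import Dict, List

# Constructed sample: same line shape as the AVP log posted in the thread.
SAMPLE_LOG = r"""
12/24/2010 9:12:01 AM Task started
12/24/2010 10:23:42 AM Detected: Trojan.Win32.Vilsel.ajgl C:\Program Files\AIM6\addressBook.exe
12/24/2010 10:23:42 AM Untreated: Trojan.Win32.Vilsel.ajgl C:\Program Files\AIM6\addressBook.exe Postponed
12/24/2010 11:02:28 AM Detected: Packed.Win32.Krap.ao C:\System Volume Information\_restore{131B875A-7287-4872-BE8C-8513B37682EC}\RP1253\A0065660.exe
12/24/2010 11:02:28 AM Untreated: Packed.Win32.Krap.ao C:\System Volume Information\_restore{131B875A-7287-4872-BE8C-8513B37682EC}\RP1253\A0065660.exe Postponed
12/24/2010 11:50:06 AM Detected: HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\12212010_170106\C_WINDOWS\padtsve.dll
12/24/2010 11:50:06 AM Untreated: HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\12212010_170106\C_WINDOWS\padtsve.dll Postponed
12/24/2010 11:50:18 AM Detected: HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\12212010_170106\C_WINDOWS\padtsve.dll
12/24/2010 11:50:23 AM Deleted: HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\12212010_170106\C_WINDOWS\padtsve.dll
12/24/2010 11:50:23 AM Task completed
"""

# One log line: "<date> <time> <AM|PM> <Action>: <threat> <path> [Postponed]".
# The path may contain spaces, so it is matched lazily up to the optional
# trailing "Postponed" marker. "Task started/completed" lines do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Untreated|Deleted|Disinfected|Quarantined): "
    r"(?P<threat>\S+) (?P<path>.+?)(?: (?P<note>Postponed))?$"
)
RESOLVED = {"Deleted", "Disinfected", "Quarantined"}
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{", re.IGNORECASE)
Event = namedtuple("Event", "timestamp action threat path note")


def parse_avp_log(text: str) -> List[Event]:
    """Turn the raw log into Event records, skipping non-detection lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["action"], m["threat"], m["path"], m["note"]))
    return events


def final_state(events: List[Event]) -> Dict[str, Event]:
    """Last outcome per object, keyed by lower-cased path."""
    state: Dict[str, Event] = {}
    for ev in events:
        key = ev.path.lower()
        # 'Detected' only (re)opens a case; the later outcome line decides it.
        if ev.action != "Detected" or key not in state or state[key].action in RESOLVED:
            state[key] = ev
    return state


def pending_cleanup(text: str) -> List[dict]:
    """Objects the scanner left untreated, each with the follow-up it needs."""
    todo = []
    for ev in final_state(parse_avp_log(text)).values():
        if ev.action in RESOLVED:
            continue
        if RESTORE_RE.search(ev.path):
            followup = "clear System Restore points"            # infected restore point
        elif "\\_otl\\movedfiles\\" in ev.path.lower():
            followup = "purge the removal tool's quarantine"    # already moved by OTL
        else:
            followup = "delete the file/folder and its autostart or firewall entries"
        todo.append({"path": ev.path, "threat": ev.threat, "followup": followup})
    return todo


if __name__ == "__main__":
    for item in pending_cleanup(SAMPLE_LOG):
        print(f"{item['threat']}: {item['followup']}\n    {item['path']}")
```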

#26
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi amacemon,

Congratulations.

Now let's wrap up.

  • Download OTL to your desktop
  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AIM6\aim6.exe"=-
    
    :Files
    C:\Program Files\AIM6
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • You may be asked to reboot - if so, choose Yes

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK

Clean Temporary Files
  • Download TFC to your desktop
  • Open the file and close any other windows
  • It will close all programs itself when run - make sure to let it run uninterrupted
  • Click the Start button to begin the process - the program should not take long to finish its job
  • Once it is finished, it should reboot your machine; if not, do this yourself to ensure the cleaning process completes

Let's re-hide system files and folders.
Open Windows Explorer (to get there, right-click your Start button and choose "Explore"), then do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window


++++++++++++++++++++++++++++++++++++


Below are links to several programs that will help protect your computer.

Anti-Spyware
I recommend downloading and installing all of the following applications.
  • SpywareBlaster keeps spyware from installing on your system - read the tutorial here
  • SpywareGuard protects your browser and computer in real time - read the tutorial here
  • SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here

++++++++++++++++++++++++++++++++++++

Other things to keep in mind.

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.

Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there!
  • 0

#27
amacemon

amacemon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
thank you so much for all of your help!!
  • 0

#28
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
You're welcome and Happy New Year! :D
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





