
system tool virus


#1 Ashley82004
OK... so about 2 weeks ago I got the System Tool virus on my laptop. I didn't know what it was, so I just clicked the red 'X' in the top right-hand corner, and it hasn't gone away since. I opened Windows Defender and it stopped it for about a week; then 3 days ago I was on the internet and it started popping up again. Now today I renewed my McAfee subscription, but I can't get it to download. I can only use my laptop in "safe mode"; that's what I'm in now. When I restart my laptop there is a blue screen with 0's and 1's, and it has a message about my computer and everything being infected and my wife, family and friends something something. I don't know the whole message, but I don't know much about viruses or whatever this System Tool is, and I'm in need of help getting it off. Please, anyone, if you have advice, please help me. Oh, and remember I can only work in safe mode. Thank you very much!!
#2 Ashley82004 (Topic Starter)
OTL logfile created on: 12/26/2010 7:22:28 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Ashley\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 145.41 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.09 Gb Free Space | 40.93% Space Free | Partition Type: NTFS

Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/26 19:20:53 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/26 19:20:53 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/10 23:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2010/12/26 14:58:19 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 14:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2008/09/30 09:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/09/30 09:03:12 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/31 12:02:04 | 001,519,168 | ---- | M] (UltraVNC) [Auto | Stopped] -- C:\ProgramData\UltraVNC\winvnc.exe -- (uvnc_service)
SRV - [2008/02/25 09:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 09:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/21 13:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/14 13:35:04 | 005,730,304 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/10 21:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008/10/27 02:53:36 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/27 02:52:00 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/06/23 05:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/23 05:45:40 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/23 05:45:40 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/23 05:45:38 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/06/17 11:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/05/04 02:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 00:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/06 00:58:12 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/12 04:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/28 22:31:54 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 09:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 09:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 09:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 09:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2090127
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/02/07 15:31:04 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions
[2009/02/07 15:31:04 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [iLike] C:\Program Files\iLike\1.2.18\ilikesidebar.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKCU..\RunOnce: [fFbFk06300] C:\ProgramData\fFbFk06300\fFbFk06300.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: adobe.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aiu-online.com ([mycampus] https in Trusted sites)
O15 - HKCU\..Trusted Domains: careeredonline.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ashley\Pictures\family.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ashley\Pictures\family.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/05 19:59:09 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{969bb6d6-030f-11df-bcc0-0023ae1030b1}\Shell\Auto\command - "" = F:\launcher.exe -- File not found
O33 - MountPoints2\{aecb814c-3d15-11df-a1a3-0023ae1030b1}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{aecb814f-3d15-11df-a1a3-0023ae1030b1}\Shell - "" = AutoRun
O33 - MountPoints2\{aecb814f-3d15-11df-a1a3-0023ae1030b1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d16740ea-fd1b-11dd-bdc5-0023ae1030b1}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{f03c94a1-0bdd-11df-96ed-00242b6f2423}\Shell - "" = AutoRun
O33 - MountPoints2\{f03c94a1-0bdd-11df-96ed-00242b6f2423}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 19:20:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2010/12/26 16:17:24 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2010/12/26 16:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/12/26 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/12/26 14:47:29 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Citrix
[2010/12/25 14:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/12/24 16:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\fFbFk06300
[2010/12/21 21:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Clip Extractor Toolbar
[2010/12/21 20:27:00 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\iLike
[2010/12/21 17:52:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/12/21 17:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2010/12/19 10:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2010/12/19 08:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2010/12/17 14:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2010/12/17 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\PCDr
[2010/12/14 12:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\aLeNb06309
[2010/12/10 10:00:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2010/12/10 10:00:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2010/12/10 10:00:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2010/12/10 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Blubster
[2010/12/10 08:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/12/03 11:00:45 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\BearShare
[2010/12/03 11:00:45 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\BearShare
[2010/12/03 10:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/12/03 10:09:22 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Documents\webkit
[2010/12/03 10:09:22 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\com.w3i.musicrockstar
[2010/11/30 08:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2009/02/06 10:36:53 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2009/02/06 10:36:53 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2009/02/06 10:36:53 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2009/02/06 10:36:52 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2009/02/06 10:36:52 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2009/02/06 10:36:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2009/02/06 10:36:51 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2009/02/06 10:36:51 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2009/02/06 10:36:50 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2009/02/06 10:36:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2009/02/06 10:36:48 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/26 19:20:53 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2010/12/26 16:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/26 16:51:59 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/26 16:21:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 16:21:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 16:21:11 | 000,000,226 | ---- | M] () -- C:\Windows\tasks\AlphaAV.job
[2010/12/26 16:19:10 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2010/12/26 16:02:21 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2010/12/26 15:47:07 | 000,001,356 | ---- | M] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2010/12/26 14:47:28 | 000,103,784 | ---- | M] () -- C:\Users\Ashley\GoToAssistDownloadHelper.exe
[2010/12/21 21:47:33 | 000,000,595 | ---- | M] () -- C:\Users\Ashley\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2010/12/21 19:24:27 | 000,600,688 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/21 19:24:27 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/21 17:54:30 | 000,023,040 | ---- | M] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 10:34:10 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/12/19 19:59:43 | 227,994,902 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/19 08:36:17 | 000,001,917 | ---- | M] () -- C:\WildTangent Games App - dell.lnk
[2010/12/19 08:35:51 | 000,002,153 | ---- | M] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - dell.lnk
[2010/12/19 08:35:51 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
[2010/12/18 03:30:27 | 000,376,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/17 18:03:45 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/10 11:31:18 | 000,002,453 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2010/12/10 10:00:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys2.bmp
[2010/12/10 10:00:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SwSys1.bmp
[2010/12/03 10:51:45 | 000,001,947 | ---- | M] () -- C:\Users\Ashley\Desktop\PurblePlace.lnk
[2010/12/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/26 16:02:21 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2010/12/21 21:37:40 | 000,000,595 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2010/12/21 21:37:13 | 000,000,028 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\ClipExtractor-UpdatePerformed.txt
[2010/12/19 10:12:22 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/12/19 08:36:17 | 000,001,917 | ---- | C] () -- C:\WildTangent Games App - dell.lnk
[2010/12/19 08:35:51 | 000,002,153 | ---- | C] () -- C:\Users\Ashley\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - dell.lnk
[2010/12/19 08:35:51 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
[2010/12/17 14:49:43 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/17 14:49:40 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/12/10 10:00:12 | 000,002,453 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2010/12/10 10:00:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys2.bmp
[2010/12/10 10:00:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SwSys1.bmp
[2010/12/03 10:51:45 | 000,001,947 | ---- | C] () -- C:\Users\Ashley\Desktop\PurblePlace.lnk
[2009/10/27 13:15:32 | 000,000,032 | ---- | C] () -- C:\Users\Ashley\AppData\Local\xobni_installer_updater.log
[2009/09/23 22:04:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/08 15:46:32 | 000,000,089 | ---- | C] () -- C:\ProgramData\dldt.log
[2009/03/18 21:46:57 | 000,024,206 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\UserTile.png
[2009/02/13 18:58:24 | 000,001,356 | ---- | C] () -- C:\Users\Ashley\AppData\Local\d3d9caps.dat
[2009/02/06 10:43:16 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2009/02/06 10:37:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2009/02/06 10:36:54 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2009/02/06 10:36:52 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2009/02/06 10:36:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2009/02/06 10:36:51 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2009/02/06 10:36:51 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2009/02/06 10:36:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2009/02/06 10:36:50 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2009/02/06 10:36:49 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2009/02/06 10:36:49 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2009/02/06 10:36:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2009/02/06 10:36:48 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDTcfg.dll
[2009/02/03 11:05:14 | 000,000,000 | ---- | C] () -- C:\Users\Ashley\AppData\Roaming\wklnhst.dat
[2009/02/03 10:02:34 | 000,023,040 | ---- | C] () -- C:\Users\Ashley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/26 18:04:31 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/01/26 18:04:30 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/01/26 18:04:30 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/01/26 18:04:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/01/26 18:04:30 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/01/26 18:04:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/01/26 16:32:14 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/02/21 13:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 15:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2007/11/13 12:13:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/04/28 07:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\Windows\System32\zlib.dll

========== LOP Check ==========

[2010/01/17 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Coby
[2010/11/30 08:52:08 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Coby Media Manager
[2010/12/03 10:09:22 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\com.w3i.musicrockstar
[2009/03/18 19:04:16 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Earthlink
[2009/05/05 22:46:07 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\funkitron
[2010/12/21 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\iLike
[2010/11/15 17:14:41 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\LimeWire
[2010/11/16 08:40:33 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\MusicNet
[2010/12/17 14:44:27 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PCDr
[2009/03/18 21:46:57 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PeerNetworking
[2009/03/16 23:29:59 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\PlayFirst
[2009/03/09 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Smith Micro
[2009/02/03 11:05:17 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Template
[2009/10/27 13:13:58 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\WeatherBug
[2010/12/26 16:21:11 | 000,000,226 | ---- | M] () -- C:\Windows\Tasks\AlphaAV.job
[2010/07/15 00:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/12/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/12/17 18:03:45 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/24 21:06:26 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/26 16:51:59 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  • 0

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Copy the text in the code box below by highlighting and then Ctrl + c :


:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKCU..\Run: [iLike] C:\Program Files\iLike\1.2.18\ilikesidebar.exe File not found
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKCU..\RunOnce: [fFbFk06300] C:\ProgramData\fFbFk06300\fFbFk06300.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O33 - MountPoints2\{969bb6d6-030f-11df-bcc0-0023ae1030b1}\Shell\Auto\command - "" = F:\launcher.exe -- File not found
O33 - MountPoints2\{aecb814c-3d15-11df-a1a3-0023ae1030b1}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{aecb814f-3d15-11df-a1a3-0023ae1030b1}\Shell - "" = AutoRun
O33 - MountPoints2\{aecb814f-3d15-11df-a1a3-0023ae1030b1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d16740ea-fd1b-11dd-bdc5-0023ae1030b1}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{f03c94a1-0bdd-11df-96ed-00242b6f2423}\Shell - "" = AutoRun
O33 - MountPoints2\{f03c94a1-0bdd-11df-96ed-00242b6f2423}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2010/12/24 16:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\fFbFk06300
[2010/12/14 12:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\aLeNb06309
[2010/12/26 16:21:11 | 000,000,226 | ---- | M] () -- C:\Windows\Tasks\AlphaAV.job
[2010/12/17 18:03:45 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/26 16:51:59 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

:FILES
C:\ProgramData\fFbFk06300
C:\ProgramData\aLeNb06309

:Commands
[PURITY]
[EMPTYTEMP]

 


Run OTL by right clicking and Run As Administrator then paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX.

Copy and paste the log it creates into a Reply.

Turn off or Pause your Antivirus.

Download Combofix from any of the links below but rename it to george.exe before saving it to your desktop.

Link 1
Link 2
Link 3


==================================


Double click on george.exe & follow the prompts. Allow it to install the Recovery Console. It may need to reboot.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run OTL
In the Extra Registry group, Select the Use SafeList option. In the File Scans areas set the File Age to 90 Days.
Press the Run Scan button.

You will receive two logs. Please post (copy and paste do not attach) them both.

Ron
  • 0
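The fix list in the reply above was picked by hand out of the OTL log the poster supplied. As an added example, written for this thread and not part of OTL, of the expert's instructions, or of any product named here, the Python script below parses the OTL record formats that appear in this thread (the `[date | size | attrs | C/M] (company) -- path` file records, the O4 autostart lines, the O33 MountPoints lines and the @Alternate Data Stream lines) and flags the same kinds of entries the expert chose for removal: random-named directories under C:\ProgramData, a RunOnce entry launching from ProgramData, recently touched scheduled tasks, removable-media AutoRun commands and alternate data streams in user-writable locations. The sample input is a constructed excerpt of lines copied from the log and fix list posted here; the scoring rules, the 7-day window and the `RANDOM_NAME_RE` pattern are my own heuristics, not anything OTL prescribes, and `SCAN_TIME` is the timestamp from the log's own header.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Sample input: a few lines copied from the OTL log and fix list in this thread.
# It is a constructed excerpt, not the complete log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKCU..\RunOnce: [fFbFk06300] C:\ProgramData\fFbFk06300\fFbFk06300.exe (Microsoft Corporation)
O33 - MountPoints2\{969bb6d6-030f-11df-bcc0-0023ae1030b1}\Shell\Auto\command - "" = F:\launcher.exe -- File not found
[2010/12/24 16:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\fFbFk06300
[2010/12/14 12:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\aLeNb06309
[2010/12/26 16:21:11 | 000,000,226 | ---- | M] () -- C:\Windows\Tasks\AlphaAV.job
[2010/12/26 19:20:53 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2010/12/17 18:03:45 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

# Timestamp taken from the "OTL logfile created on" header of the posted log.
SCAN_TIME = datetime(2010, 12, 26, 19, 22, 28)

# OTL file/directory record: [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O4 autostart record: O4 - HKCU..\RunOnce: [name] target
AUTORUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
# O33 removable-media AutoRun command
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\.*\\command - "" = (?P<target>.+?)(?: -- File not found)?$')
# Alternate data stream record
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Heuristic (mine, not OTL's): mixed-case letters followed by digits, e.g. fFbFk06300.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]+\d{3,}$")
# Locations a standard user can write to; code that launches from here deserves a look.
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\local\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def _under_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(log_text: str, scan_time: datetime, recent_days: int = 7) -> List[Finding]:
    """Walk OTL log lines and return the entries worth a closer look, in log order."""
    findings: List[Finding] = []
    cutoff = scan_time - timedelta(days=recent_days)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs, company = m["path"], m["attrs"], m["company"] or ""
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            name = path.rsplit("\\", 1)[-1]
            # A directory with a random-looking name directly under ProgramData.
            if "D" in attrs and path.lower().startswith("c:\\programdata\\") and RANDOM_NAME_RE.match(name):
                findings.append(Finding("high", "random-named directory under ProgramData", line))
            # A scheduled task with no vendor string that was written shortly before the scan.
            elif name.lower().endswith(".job") and ts >= cutoff and not company:
                findings.append(Finding("medium", f"scheduled task touched within {recent_days} days of scan", line))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            rest = m["rest"]
            if rest.endswith("File not found"):
                findings.append(Finding("low", "orphaned autorun entry (target missing)", line))
            # The "(Microsoft Corporation)" string on the RunOnce line is only the binary's
            # version-info resource, so it is deliberately not treated as a trust signal.
            elif _under_user_writable(rest):
                findings.append(Finding("high", f"{m['key']} autostart launching from a user-writable location", line))
            continue
        if MOUNTPOINT_RE.match(line):
            findings.append(Finding("medium", "removable-media AutoRun command", line))
            continue
        m = ADS_RE.match(line)
        if m and _under_user_writable(m["path"]):
            findings.append(Finding("medium", "alternate data stream in a user-writable location", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

Run against the excerpt, the script flags the two ProgramData directories and the RunOnce entry as high, the AlphaAV.job task, the AutoRun command and the ADS as medium, and the missing Dell autorun target as low, while leaving OTL.exe (vendor-signed, not a task) and the older PCDoctor task alone. The output is a triage aid only: an entry it flags still needs the kind of judgement the expert applied before it goes into a fix list.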





