Packard Bell PC possible corruption - Geeks to Go Forums


Packard Bell PC possible corruption
touchpad was corrupted, slow and general poor running

#1 gilybob

  • Group: Member
  • Posts: 17
  • Joined: 14-August 08

Posted 20 February 2011 - 04:30 AM

Hi
This is my son's PC, and being a teen and not listening to advice, I think he has downloaded various tosh.
He downloaded Avast security protection, which ran out two days ago. This morning the touchpad was ineffective, which was fun trying to figure out the problem as I am not the best on computers... Anyway, I removed Avast and the touchpad started to work again!
I still think the computer may be infected, as it is slow to perform various simple tasks. I have included the report as requested just to see what you, the professionals, think. Thanks, and help would be great.

OTL logfile created on: 20/02/2011 10:11:10 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Connor\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.07 Gb Total Space | 108.93 Gb Free Space | 49.27% Space Free | Partition Type: NTFS

Computer Name: CONNOR-PC | User Name: Connor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/20 10:10:48 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Connor\Downloads\OTL.exe
PRC - [2011/02/10 03:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Users\Connor\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2011/01/14 19:17:16 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/22 16:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2010/09/02 20:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2010/04/12 08:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/01/26 17:02:52 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/01/02 23:36:12 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/12/11 13:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 15:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/09/29 11:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 11:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 11:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 11:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/08/27 20:48:30 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/22 06:50:39 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/21 00:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009/08/21 00:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009/06/17 11:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/06/04 13:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/04/14 11:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/04/13 16:11:26 | 003,319,808 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
PRC - [2009/04/13 13:28:30 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe


========== Modules (SafeList) ==========

MOD - [2011/02/20 10:10:48 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Connor\Downloads\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/05 20:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/02 18:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/22 16:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/09/02 20:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/21 00:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 19:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 13:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/24 12:59:49 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/01/12 21:35:10 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/12/17 22:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/10/26 15:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/11 20:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/08/09 21:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/02 18:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/20 11:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/20 02:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/25 03:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 23:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 23:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 05:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/09/02 17:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...00z195f4791w219
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...00z195f4791w219
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...00z195f4791w219
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...00z195f4791w219
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files (x86)\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...00z195f4791w219
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myfastwebsearch.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 6A 73 A0 30 DB CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files (x86)\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.3.4:8080


[2010/01/30 16:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Connor\AppData\Roaming\Mozilla\Extensions
[2010/01/30 16:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Connor\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (MessengerPlusLive UK TB Toolbar) - {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files (x86)\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive UK TB Toolbar) - {fcf7bd65-beb7-48cd-8d51-268eb6802e56} - C:\Program Files (x86)\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive UK TB Toolbar) - {FCF7BD65-BEB7-48CD-8D51-268EB6802E56} - C:\Program Files (x86)\MessengerPlusLive_UK_TB\tbMess.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RegWork] File not found
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files (x86)\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/19 19:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/19 19:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/19 19:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/19 19:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/02/19 19:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/19 19:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/02/19 19:35:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/11 18:41:17 | 000,000,000 | ---D | C] -- C:\Users\Connor\AppData\Roaming\GARMIN
[2011/02/11 18:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2011/02/11 18:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2011/01/31 17:49:46 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/31 17:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/31 17:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/01/31 17:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011/01/31 17:31:31 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/31 17:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/01/31 17:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/31 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\Connor\AppData\Local\Windows Live
[2011/01/30 23:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/01/30 23:49:41 | 000,000,000 | ---D | C] -- C:\Windows\Temp83C87DE7-1F51-016F-1616-CBE66A5E49FA-Signatures
[2011/01/30 23:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2009/08/22 06:35:25 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Connor\Documents\*.tmp files -> C:\Users\Connor\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/20 10:17:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1546675940-2601420533-3918049107-1001UA.job
[2011/02/20 10:11:35 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/20 10:11:35 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/20 10:04:29 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/20 10:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/20 10:02:43 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 09:45:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/19 21:17:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1546675940-2601420533-3918049107-1001Core.job
[2011/02/19 19:44:22 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/19 19:38:52 | 000,002,515 | ---- | M] () -- C:\Users\Connor\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/02/19 19:38:52 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/02/19 19:37:39 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/19 16:59:37 | 000,733,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/19 16:59:37 | 000,633,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/19 16:59:37 | 000,112,456 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/18 20:28:47 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2011/02/12 09:16:34 | 000,002,419 | ---- | M] () -- C:\Users\Connor\Desktop\Google Chrome.lnk
[2011/02/11 18:48:26 | 000,434,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/31 17:31:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/01/30 23:50:39 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/01/30 23:50:02 | 000,739,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Users\Connor\Documents\*.tmp files -> C:\Users\Connor\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/19 19:44:22 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/19 19:38:52 | 000,002,515 | ---- | C] () -- C:\Users\Connor\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/02/19 19:38:52 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/02/19 19:38:52 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/02/19 19:37:39 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/31 17:48:35 | 000,001,317 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/01/31 17:48:03 | 000,001,386 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/01/31 17:47:05 | 000,001,470 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/01/31 17:46:16 | 000,002,498 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/01/31 17:31:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/01/30 23:50:39 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/04/27 21:48:15 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010/04/26 16:56:46 | 000,739,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/23 11:36:48 | 000,004,608 | ---- | C] () -- C:\Users\Connor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 17:11:40 | 000,000,154 | ---- | C] () -- C:\Users\Connor\AppData\Roaming\wklnhst.dat
[2009/09/28 09:16:01 | 000,001,592 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/09/28 00:59:39 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/08/22 06:34:35 | 000,776,614 | ---- | C] () -- C:\Program Files (x86)\Common Files\packardbell.ico
[2009/08/18 05:11:00 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/18 05:11:00 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/18 05:10:57 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/18 05:10:57 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/18 05:10:57 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/12/26 15:53:43 | 000,000,000 | -HSD | M] -- C:\Users\Connor\AppData\Roaming\.#
[2010/10/24 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\DAEMON Tools Pro
[2010/04/26 20:07:07 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/19 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\FrostWire
[2011/02/11 18:41:17 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\GARMIN
[2009/12/25 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\iCopyExpert
[2009/12/29 15:09:55 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Sports Interactive
[2010/04/26 16:56:26 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Teleca
[2010/02/04 17:11:43 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Template
[2010/09/27 12:10:52 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\Tific
[2011/02/20 10:14:36 | 000,000,000 | ---D | M] -- C:\Users\Connor\AppData\Roaming\uTorrent
[2011/02/18 20:28:47 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Regwork.job
[2010/11/08 23:04:57 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A2947BEA

< End of report >
...

#2 Salagubang

  • Group: Malware Removal
  • Posts: 3,883
  • Joined: 23-July 09

Posted 28 February 2011 - 10:28 PM

Hi gilybob,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.


+++++++++++++++++++++++++++++++++++++++++++

ERUNT - Download here
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions. To ensure that we have a valid registry backup, install and run ERUNT (Emergency Recovery Utility NT), which will allow you to store a complete backup of your registry and restore it if needed.
  • Download ERUNT
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  • Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will popup when complete. Click OK to close.


+++++++++++++++++++++++++++++++++++++++++++

First, we need fresh logs.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Standard Output at the top
  • Under the Extra Registry section, ensure that Safelist is selected
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Next

GMER Rootkit Scanner
    GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.


#3 Salagubang

  • Group: Malware Removal
  • Posts: 3,883
  • Joined: 23-July 09

Posted 16 March 2011 - 08:03 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
