Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan.alemod

Started by bilzer , Apr 19 2011 07:41 PM

  • This topic is locked This topic is locked

#16
SpySentinel
Posted 25 April 2011 - 04:00 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Bill,

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


Adobe Reader 9.4.4



Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html


Please let me know if you are successful in installing the latest version.
  • 0

Advertisements

#17
bilzer
Posted 25 April 2011 - 06:11 PM

bilzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Spy,

I removed the older Adobe version and installed the new one from the link you sent.

Bill
  • 0

#18
SpySentinel
Posted 25 April 2011 - 07:43 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Your log looks clean, Great Job! :D


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image


Now for some cleanup..
Please download OTC and save it to Desktop.
  • Please make sure you are connecting to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

  • Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Update Non-Microsoft Programs - It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

  • 0

#19
bilzer
Posted 30 April 2011 - 04:11 PM

bilzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Sear Spy,

Thanks for all your help and great expertise in cleaning up my computer. It has definetely made a big Difference and I have learned alot more protection methods as well.

Sincerely,

Bill
  • 0

#20
SpySentinel
Posted 30 April 2011 - 05:24 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Bill,

You're very welcome :)

Glad I was able to help!
  • 0

#21
bilzer
Posted 04 May 2011 - 09:24 AM

bilzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Spy,

I wanted to run something by you. The last few days I have had pop ups appear while web surfing. Th pop up consists of winning a prize and an announcement that someone is looking for me. Any suggestions on how to stop these?
  • 0

#22
SpySentinel
Posted 04 May 2011 - 02:56 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
These are more than likely from the website you were browsing on. What web browser are you using?
  • 0

#23
bilzer
Posted 05 May 2011 - 11:44 AM

bilzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Spy,

Norton did another virus scan and it is reporting that Trojan.alemod is still infecting the computer. Apparently the virus is still there. Any suggestions on how to deal with it still.

Sincerely,

Bill

Here is a OTL log for your review:

OTL logfile created on: 5/5/2011 1:35:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\FABY
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 157.71 Gb Free Space | 67.72% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 925.31 Gb Free Space | 99.33% Space Free | Partition Type: NTFS

Computer Name: HOME-FD4A3FFDBC | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 21:32:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\FABY\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/09/20 15:24:40 | 000,377,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\mcui32.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
PRC - [2000/06/29 04:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:32:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\FABY\OTL.exe
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/08/24 15:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 15:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 15:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2000/06/29 04:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 11:26:12 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110504.066\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 11:26:12 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110504.066\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/15 15:52:18 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/15 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/03/15 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110429.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\21974102.sys -- (21974102)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\2197410.sys -- (setup_9.0.0.722_20.04.2011_18-56drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\21974101.sys -- (21974101)
DRV - [2009/08/05 20:38:22 | 005,874,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/05 23:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/08/18 03:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/29 01:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/17 01:09:48 | 001,611,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/04 18:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2000/02/03 15:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/03/16 17:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/03/15 15:53:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/22 15:25:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: SurfSaver 6 QuickSave - C:\Program Files\askSam\SurfSaver 6\QuickSave.htm ()
O8 - Extra context menu item: SurfSaver 6 Save... - C:\Program Files\askSam\SurfSaver 6\add.htm ()
O9 - Extra Button: SurfSaver 6 - {91D4580B-DB35-416E-BA9E-994BBADC7177} - C:\Program Files\askSam\SurfSaver 6\SurfSaverBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1256869687453 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\asksam6 {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - C:\Program Files\askSam\SurfSaver 6\AS6_AIPP.dll (askSam Systems)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/28 17:57:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 13:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ophcrack
[2011/05/05 13:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\ophcrack
[2011/05/05 11:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StyleWriter
[2011/05/04 18:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Editor Software
[2011/05/04 18:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Editor Software
[2011/05/04 17:48:45 | 000,000,000 | ---D | C] -- C:\style(2)
[2011/05/04 16:42:58 | 000,000,000 | ---D | C] -- C:\Style
[2011/04/28 16:22:49 | 000,000,000 | ---D | C] -- C:\Intnt'l Buss
[2011/04/26 17:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\Temp
[2011/04/26 10:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/26 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/24 00:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/04/23 14:32:10 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\2197410.sys
[2011/04/23 14:32:10 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\21974101.sys
[2011/04/23 14:32:10 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\21974102.sys
[2011/04/23 14:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\Virus Removal Tool
[2011/04/23 11:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/23 11:16:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/23 11:16:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/23 11:16:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/22 17:42:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/22 17:41:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\TFC.exe
[2011/04/22 12:47:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/22 12:37:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/22 12:37:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/22 12:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\RK_Quarantine
[2011/04/21 21:44:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/21 15:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/20 22:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2011/04/20 21:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio Easy Media Creator 10
[2011/04/20 21:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2011/04/20 21:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2011/04/19 23:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\DriverCure
[2011/04/19 23:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\ParetoLogic
[2011/04/19 23:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\ParetoLogic
[2011/04/19 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/04/19 23:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/04/19 23:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/19 22:44:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/19 22:44:14 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/04/19 22:40:33 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/04/19 22:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/19 22:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\SUPERAntiSpyware.com
[2011/04/19 21:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/04/19 19:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab 8
[2011/04/19 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8
[2010/08/07 13:50:21 | 013,833,720 | ---- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFab7070.exe
[2009/10/25 11:02:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\OWNER\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/05 13:19:51 | 000,002,963 | ---- | M] () -- C:\WINDOWS\citation.ini
[2011/05/05 13:15:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2011/05/05 12:20:46 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2011/05/05 12:04:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 12:04:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 18:00:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/05/04 17:54:52 | 000,003,920 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2011/05/04 02:38:06 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/05/03 12:25:36 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2011/05/03 09:54:56 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/04/26 10:04:01 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\SpywareBlaster.lnk
[2011/04/26 09:51:44 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/25 20:09:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/24 12:09:55 | 000,000,381 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2011/04/22 18:28:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/22 17:41:11 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\TFC.exe
[2011/04/22 15:25:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/22 12:33:34 | 001,098,752 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\RogueKiller.exe
[2011/04/22 11:26:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/20 21:32:22 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Media Creator 10 Suite.lnk
[2011/04/20 18:36:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/20 18:33:11 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/20 18:33:11 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/19 23:22:45 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/04/19 23:22:42 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/04/19 19:04:16 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2011/04/19 19:04:16 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\DVDFab 8.lnk
[2011/04/19 16:53:36 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/05/05 13:14:45 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ophcrack.lnk
[2011/04/26 10:04:00 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\SpywareBlaster.lnk
[2011/04/25 20:09:11 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/25 20:09:11 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/22 12:47:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/22 12:47:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/22 12:33:32 | 001,098,752 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\RogueKiller.exe
[2011/04/20 21:32:22 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Media Creator 10 Suite.lnk
[2011/04/19 23:24:52 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/04/19 23:22:45 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/04/19 23:22:43 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/04/19 23:22:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/04/19 23:22:36 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/04/19 19:04:16 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2011/04/19 19:04:15 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\DVDFab 8.lnk
[2011/02/22 15:43:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Usbr38.DLL
[2011/02/20 22:31:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/15 17:42:08 | 000,026,337 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/07 11:44:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ExtRes.dll
[2010/09/06 12:39:35 | 000,036,653 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\Comma Separated Values (Windows).ADR
[2010/08/13 19:22:47 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2010/08/13 19:01:57 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2010/08/13 19:01:57 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010/08/13 18:52:07 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/08/13 18:52:07 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/08/07 13:50:23 | 000,273,288 | ---- | C] () -- C:\Program Files\Install.pdf
[2010/03/19 11:19:05 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\EEInstMngr.exe
[2010/02/06 20:40:07 | 000,000,422 | ---- | C] () -- C:\WINDOWS\System32\MSST42.DLL
[2010/02/06 13:02:07 | 000,000,422 | ---- | C] () -- C:\WINDOWS\System32\MSST45.DLL
[2010/01/30 14:15:51 | 000,002,963 | ---- | C] () -- C:\WINDOWS\citation.ini
[2009/10/29 22:36:23 | 000,111,724 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\rx_audio.Cache
[2009/10/25 11:02:59 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\pcouffin.cat
[2009/10/25 11:02:59 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\pcouffin.inf
[2009/10/18 22:26:06 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/10/18 22:26:02 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2009/10/18 22:26:02 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/10/18 22:26:02 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/10/18 22:26:02 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2009/10/18 21:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dvm.INI
[2009/10/09 00:59:57 | 000,032,192 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\Schedule8.dat
[2009/10/04 15:52:04 | 000,000,381 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/10/03 16:07:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
[2009/10/03 15:00:23 | 000,945,776 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\rx_image.Cache
[2009/09/28 23:23:01 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\qrz32.dll
[2009/09/28 23:23:01 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\agwdll32.dll
[2009/09/28 23:23:01 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RACCD32a.dll
[2009/09/28 23:23:01 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\GoWin32.dll
[2009/09/28 23:23:01 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\Hamcal32.dll
[2009/09/28 01:00:10 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/27 22:53:07 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/28 18:40:18 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/08/28 18:00:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/28 17:54:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/28 10:43:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/28 10:42:28 | 000,187,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/08/21 15:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/06/02 17:15:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 12:37:27 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/05/24 12:37:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/04/28 19:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/24 03:41:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 03:41:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 11:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 11:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2005/09/23 15:15:04 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/30 18:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/03/04 11:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2000/01/05 13:51:22 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/06/20 17:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/15 14:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/14 18:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/04 18:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Editor Software
[2010/07/03 08:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011/03/15 14:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/19 23:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/04 00:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/02/22 15:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResMed
[2011/01/15 17:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/03 13:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/03/28 20:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/05/04 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/19 19:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/03/27 15:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/04 22:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 00:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/09 23:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\DeepBurner
[2011/04/19 23:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\DriverCure
[2011/03/24 17:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\DVDFab
[2009/10/06 22:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\GlarySoft
[2010/07/03 08:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ICQ
[2010/08/08 10:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ImgBurn
[2009/09/30 00:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\iPod Copy Expert
[2011/04/19 23:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ParetoLogic
[2010/09/07 08:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\PresPro
[2011/03/15 19:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\RegistryKeys
[2011/01/15 17:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ScanSoft
[2011/03/27 18:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Tific
[2010/08/07 14:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Vso
[2010/01/17 18:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\WeatherBug
[2009/10/04 19:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\YouSendIt
[2010/11/30 20:16:07 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1281741011.job
[2011/05/04 18:00:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/05/04 02:38:06 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/04/19 23:22:42 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2011/05/03 09:54:56 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#24
SpySentinel
Posted 06 May 2011 - 12:41 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
What file is Norton detecting?
  • 0

#25
bilzer
Posted 06 May 2011 - 01:40 PM

bilzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
The Trojan.alemod
  • 0

Advertisements

#26
SpySentinel
Posted 06 May 2011 - 09:30 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
What is the file location? If you can, please post a screen shot of what Norton finds.
  • 0

#27
bilzer
Posted 13 May 2011 - 08:54 AM

bilzer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Spy,

the Trojan.ALEMOD only comes up sporadically by Norton. I tried running a few scans and have it caught it again. I am getting Dr. Watson postmortem debugger that comes up sporadically and it locks the computer up. When that happens I have to shut the computer down. Also the computer will go from zero processor usage to almost 86% processor usage with no programs running. That happened sporadically. There seem to be a lot of processes running in task manager such as Apple mobile device, Roxio update and even when I terminate them they come back a few minutes later in task manager. I was wondering if there was a way to completely eliminate these programs from running in the background and draining resources. Let me know if you want me to run another scan for you. I had shoulder surgery on Monday so sorry for the delay in getting back to you.

Bill
  • 0

#28
SpySentinel
Posted 16 May 2011 - 11:17 AM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Sorry for the delay,

I will be getting to your log later today.
  • 0

#29
SpySentinel
Posted 02 June 2011 - 08:04 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Do you still need assistance?
  • 0

#30
SpySentinel
Posted 08 June 2011 - 09:46 AM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP