
Windows Recovery Virus & Redirect in IE


  • This topic is locked

#1 aarikarenaa (New Member, 5 posts)
Hello!

I believe I have removed the Windows Recovery virus from my PC, but now I am riddled with script errors and redirects from any link in Google in both IE and Firefox. I am also getting ads playing through my speakers even when no windows are open.

I have been through all of the forums and have tried just about everything but ComboFix; also, I cannot get TDSSKiller from Kaspersky to open, even after renaming the file.

Any help is appreciated, and here is my OTL log:



OTL logfile created on: 4/28/2011 11:43:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Apex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 170.88 Gb Total Space | 141.05 Gb Free Space | 82.54% Space Free | Partition Type: NTFS
Drive D: | 62.00 Gb Total Space | 60.57 Gb Free Space | 97.70% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: Apex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 11:43:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Apex\Desktop\OTL.exe
PRC - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/18 23:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/12/21 13:23:26 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/12/21 11:46:46 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/12/08 21:26:02 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/12/03 16:34:46 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\FGuard.exe
PRC - [2010/12/02 12:33:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/12/01 15:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2010/11/19 07:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/05/26 06:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/03/15 15:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/03/17 09:22:22 | 014,304,256 | ---- | M] (John Taylor and Assoc.) -- C:\Program Files\Snappy Fax Version 4\sf4.exe
PRC - [2008/10/29 00:30:50 | 000,570,016 | ---- | M] (Axaware) -- C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/19 19:33:00 | 001,015,808 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2007/07/18 21:01:24 | 000,094,208 | ---- | M] () -- C:\Program Files\Snappy Fax Version 4\sfpagent.exe
PRC - [2004/05/26 19:37:27 | 000,392,704 | ---- | M] () -- C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
PRC - [2001/11/08 23:47:50 | 000,356,352 | ---- | M] () -- C:\Program Files\NASDAK\OmniMouse Driver\4.06\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2011/04/28 11:43:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Apex\Desktop\OTL.exe
MOD - [2010/12/02 12:33:12 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 14:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2010/05/26 06:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/10/29 00:30:52 | 000,303,776 | ---- | M] () -- C:\Program Files\Axaware\SpamBully 4 for Outlook Express\HookOECreation.dll
MOD - [2001/11/09 05:13:56 | 000,073,728 | ---- | M] () -- C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/12/21 11:46:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/12/08 21:26:02 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/02 12:33:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 07:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/09/20 10:04:56 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/05/26 06:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/03/15 15:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/10/29 00:30:50 | 000,570,016 | ---- | M] (Axaware) [Auto | Running] -- C:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe -- (ServiceSB4)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2010/12/02 12:33:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/02 12:33:12 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/02 12:33:12 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/11/25 11:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/25 11:42:10 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/11/17 11:19:50 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/16 15:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 15:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/26 06:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/01/26 13:26:31 | 000,170,080 | ---- | M] (Apricorn) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ezgmntr.sys -- (ezgmntr)
DRV - [2010/01/26 13:26:31 | 000,065,856 | ---- | M] (Apricorn) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/01/26 13:26:31 | 000,026,912 | ---- | M] (Apricorn) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ezgfsfilt.sys -- (ezgfsfilt)
DRV - [2009/10/22 16:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/07/01 03:27:44 | 000,108,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/29 04:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 04:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 04:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/23 16:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 16:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2004/11/02 15:31:02 | 000,219,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/11/02 15:30:02 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/02 15:29:28 | 001,036,544 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.c...hp?hl=en&tab=wn
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 02:49:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/12/15 14:59:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 10:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/28 10:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Apex\Application Data\Mozilla\Extensions
[2011/04/28 10:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/28 10:02:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/13 15:05:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\Mouse32A.exe ()
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [Snappy Fax Printer Agent] C:\Program Files\Snappy Fax Version 4\sfpagent.exe ()
O4 - HKLM..\Run: [Snappy Fax Printer virtual printer agent] C:\Program Files\Snappy Fax Version 4\sfpagent.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BMP] C:\Documents and Settings\All Users\Application Data\7c336a\BM7c3_2300.exe ()
O4 - HKCU..\Run: [Snappy Fax] C:\Program Files\Snappy Fax Version 4\sf4.exe (John Taylor and Assoc.)
O4 - HKCU..\Run: [Trackstick Manager.exe] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.146 68.87.85.98
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll - C:\Program Files\Citrix\GoToAssist Express Customer\240\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 11:04:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c443bb4-abd2-11df-a469-0019d197f21f}\Shell - "" = AutoRun
O33 - MountPoints2\{2c443bb4-abd2-11df-a469-0019d197f21f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c443bb4-abd2-11df-a469-0019d197f21f}\Shell\AutoRun\command - "" = F:\LiteAuto.exe
O33 - MountPoints2\{34718a45-330d-11e0-a494-0019d197f21f}\Shell - "" = AutoRun
O33 - MountPoints2\{34718a45-330d-11e0-a494-0019d197f21f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34718a45-330d-11e0-a494-0019d197f21f}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{721df0ac-141c-11dd-a89c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{721df0ac-141c-11dd-a89c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{721df0ac-141c-11dd-a89c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 11:43:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Apex\Desktop\OTL.exe
[2011/04/28 11:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Apex\Desktop\RK_Quarantine
[2011/04/28 11:19:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/28 11:18:58 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Apex\Desktop\OTM.exe
[2011/04/28 10:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Apex\Local Settings\Application Data\Mozilla
[2011/04/28 10:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Apex\Application Data\Mozilla
[2011/04/28 10:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/28 10:03:13 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/28 10:03:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/28 10:03:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/28 10:03:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/28 09:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/28 09:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/28 09:03:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/28 08:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Apex\Local Settings\Application Data\Secunia PSI
[2011/04/28 08:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/04/28 08:45:58 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\Apex\Desktop\PSISetup.exe
[2011/04/27 10:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/04/27 10:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/04/27 10:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/04/27 10:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Apex\Desktop\Attach
[2011/04/27 08:25:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/26 18:24:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Apex\Recent
[2011/04/13 10:03:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2011/04/07 11:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Apex\Desktop\SB Temp

========== Files - Modified Within 30 Days ==========

[2011/04/28 11:43:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Apex\Desktop\OTL.exe
[2011/04/28 11:39:57 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/04/28 11:31:56 | 001,116,672 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\winlogin.exe
[2011/04/28 11:25:52 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 11:24:26 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 11:24:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 11:18:59 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Apex\Desktop\OTM.exe
[2011/04/28 11:17:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/28 11:13:57 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\tdsskiller.zip
[2011/04/28 11:06:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 10:49:29 | 000,001,432 | ---- | M] () -- C:\WINDOWS\crw.ini
[2011/04/28 10:29:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/28 10:28:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 10:28:46 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 10:02:37 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/28 10:02:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/28 10:02:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/28 10:02:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/28 10:02:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/28 08:55:40 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/04/28 08:46:01 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\Apex\Desktop\PSISetup.exe
[2011/04/28 08:10:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Apex\defogger_reenable
[2011/04/28 08:09:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\Defogger.exe
[2011/04/28 05:11:29 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2238FD0A-1A27-49C4-88A0-7F6874CCB0C3}.job
[2011/04/27 15:13:15 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/04/27 14:27:43 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\attach.zip
[2011/04/27 14:27:19 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Apex\My Documents\attach.zip
[2011/04/27 10:53:06 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/04/27 10:51:13 | 016,901,448 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\winzip155.exe
[2011/04/27 10:39:07 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\gmer.zip
[2011/04/27 10:12:49 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\dds.scr
[2011/04/27 08:13:16 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\SpamBully.lnk
[2011/04/27 08:10:38 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Apex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/26 19:49:19 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickBooks Pro 2010.lnk
[2011/04/26 19:34:15 | 000,002,170 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/26 19:33:26 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TOWTRACK.lnk
[2011/04/26 19:33:07 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\Shortcut to TOWTRACK.lnk
[2011/04/26 16:14:57 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\32628532
[2011/04/26 11:54:04 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\34135860
[2011/04/26 09:04:12 | 000,104,597 | ---- | M] () -- C:\WINDOWS\System32\SFP
[2011/04/21 08:47:49 | 000,321,067 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\citizen.jpg
[2011/04/20 12:38:56 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/20 12:37:02 | 000,733,998 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/18 17:15:48 | 001,212,479 | ---- | M] () -- C:\Documents and Settings\Apex\Desktop\96 2500.jpg
[2011/04/05 13:46:11 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

========== Files Created - No Company Name ==========

[2011/04/28 11:31:52 | 001,116,672 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\winlogin.exe
[2011/04/28 11:13:51 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\tdsskiller.zip
[2011/04/28 10:29:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/28 10:28:46 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 10:28:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 10:28:45 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/28 08:55:40 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/04/28 08:55:40 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/04/28 08:10:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Apex\defogger_reenable
[2011/04/28 08:09:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\Defogger.exe
[2011/04/27 15:13:15 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/04/27 14:27:43 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\attach.zip
[2011/04/27 14:26:59 | 000,055,131 | ---- | C] () -- C:\Documents and Settings\Apex\My Documents\attach.zip
[2011/04/27 10:53:06 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/04/27 10:51:05 | 016,901,448 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\winzip155.exe
[2011/04/27 10:39:05 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\gmer.zip
[2011/04/27 10:12:47 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\dds.scr
[2011/04/27 08:13:16 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\SpamBully.lnk
[2011/04/26 19:49:19 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickBooks Pro 2010.lnk
[2011/04/26 19:33:26 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Apex\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TOWTRACK.lnk
[2011/04/26 19:33:07 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\Shortcut to TOWTRACK.lnk
[2011/04/26 16:12:45 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\32628532
[2011/04/26 11:54:04 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\34135860
[2011/04/21 08:47:49 | 000,321,067 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\citizen.jpg
[2011/04/18 17:15:47 | 001,212,479 | ---- | C] () -- C:\Documents and Settings\Apex\Desktop\96 2500.jpg
[2011/01/07 10:02:19 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7840w.dat
[2010/11/23 12:55:37 | 000,212,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/13 10:31:25 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/09 23:03:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/09 10:42:25 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/26 12:21:37 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TTREPAIR.INI
[2010/01/26 13:26:31 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2009/06/09 16:33:46 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/09 16:32:56 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/09 16:32:56 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/09 16:32:56 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD8670DN.DAT
[2009/06/09 16:32:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/06/09 16:32:30 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/06/09 16:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/09 16:32:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/17 16:46:47 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\sfppm.dll
[2009/02/16 12:07:45 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/01/05 10:37:23 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2008/08/26 09:22:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Apex\Application Data\AVSDVDPlayer.m3u
[2008/08/26 09:18:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/26 09:18:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/30 11:36:03 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/04/30 11:36:03 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/04/30 11:35:30 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/30 11:35:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/30 11:35:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/04/28 15:42:31 | 000,000,289 | ---- | C] () -- C:\WINDOWS\TRUBRWSE.INI
[2008/04/28 15:42:31 | 000,000,126 | ---- | C] () -- C:\WINDOWS\MARKGRID.INI
[2008/04/28 15:42:31 | 000,000,126 | ---- | C] () -- C:\WINDOWS\LINKGRID.INI
[2008/04/28 15:42:31 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TRUEGRID.INI
[2008/04/28 15:35:19 | 000,001,763 | ---- | C] () -- C:\WINDOWS\CRWDIST.INI
[2008/04/28 15:35:18 | 000,000,660 | ---- | C] () -- C:\WINDOWS\PGEDITOR.INI
[2008/04/28 15:31:19 | 000,000,677 | ---- | C] () -- C:\WINDOWS\ODBCISAM.INI
[2008/04/28 15:31:19 | 000,000,260 | ---- | C] () -- C:\WINDOWS\QEX.INI
[2008/04/28 14:42:48 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DBUPDATE.INI
[2008/04/28 14:40:30 | 000,001,432 | ---- | C] () -- C:\WINDOWS\crw.ini
[2008/04/28 14:34:07 | 000,029,680 | ---- | C] () -- C:\WINDOWS\BDUNZIP.DLL
[2008/04/28 14:34:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/04/28 13:46:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2008/04/28 12:19:27 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Apex\Local Settings\Application Data\fusioncache.dat
[2008/04/28 10:50:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/04/26 09:28:00 | 000,000,786 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/26 09:28:00 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/04/26 09:27:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/04/25 12:00:32 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Apex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 11:54:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/04/25 11:52:36 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/04/25 11:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 11:00:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 03:41:53 | 000,004,845 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 03:40:16 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,511,214 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,095,144 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

#2
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP

DO NOT use any TOOLS such as Combofix, OTL, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.



Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please copy / paste the scan results.

DDS.txt

#3
aarikarenaa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello,

Another forum I posted to a couple of days ago replied back today and has me running an OTL scan with custom fix/scan code. She said it would be a really quick scan and to post the logs. An hour and a half has gone by and it is still scanning and is now running through the same files it was 45 minutes ago. The moderator is now offline as well. Should I cancel this scan and run the DDS, or let it keep going? I am currently on another computer so that scan can run uninterrupted.

Thanks!


Aarika Renaa

#4
ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Posting to multiple forums is self-defeating.

1) It increases the post load to each forum, decreasing the number of replies that can physically get answered as we only have so many helpers, who are all volunteers and do this in their spare time.
2) It decreases the ability of helpers to assist as many users as possible.
4) Following the advice of more than one helper can be detrimental to your computer; we each have different methods to attain the same outcome, and mixing the two methods can have a negative effect.
5) If you are being helped at another forum, your thread at G2G will be closed.