Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect, win32 process error and computer attacks


  • This topic is locked This topic is locked

#1
Drolkop

Drolkop

    New Member

  • Member
  • Pip
  • 2 posts
I recently started getting notifications that Norton was blocking an attempt to attack my computer. This message only comes up when I am on a search engine and search for something. When clicking on certain links it would in some instances redirect me to other sites or other search engines. After a while I get an error message saying that there is a win32 process error and then the screen goes blue and the computer freezes. Please see below the OTL scan results.

Thanks for any help you can give.

OTL Text:

OTL logfile created on: 29/04/2011 19:30:24 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Comet\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 11.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 30.34 Gb Free Space | 42.51% Space Free | Partition Type: NTFS
Drive D: | 71.82 Gb Total Space | 71.81 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: ACER-511EBA12DF | User Name: Comet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 19:29:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comet\Desktop\OTL.exe
PRC - [2011/04/27 09:11:30 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/26 16:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/11/24 03:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/14 08:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGCE.EXE
PRC - [2009/09/04 15:23:56 | 008,975,680 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/09/04 15:23:56 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/09/04 15:22:22 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/23 14:20:04 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/08 15:59:38 | 000,224,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2006/10/14 01:04:02 | 000,707,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2006/10/14 01:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/06/28 12:31:22 | 000,045,568 | R--- | M] (USBest) -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2006/06/01 23:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/05/12 00:22:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/04/19 04:54:50 | 000,049,152 | ---- | M] ( ) -- C:\WINDOWS\system32\SysMonitor.exe
PRC - [2006/03/18 00:00:50 | 000,345,088 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 19:29:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comet\Desktop\OTL.exe
MOD - [2010/12/04 07:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asOEHook.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\Microsoft.VC90.CRT\msvcp90.dll
MOD - [2006/03/17 23:59:44 | 000,176,128 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2006/03/09 02:11:40 | 000,022,016 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2006/03/07 06:25:40 | 000,199,168 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\CryptoAPI.dll
MOD - [2006/02/22 20:19:46 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc71u.dll
MOD - [2003/03/19 05:44:38 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71ENU.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/26 16:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/11/24 03:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2009/09/04 15:22:22 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/14 01:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/06/28 12:31:22 | 000,045,568 | R--- | M] (USBest) [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2006/05/12 00:22:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/26 01:00:20 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/26 01:00:19 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/15 21:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110419.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/13 18:07:40 | 000,057,144 | -H-- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/04/03 19:33:38 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110428.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/03 19:33:38 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/03 19:33:38 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110428.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 19:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110428.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/01/08 17:52:45 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/07 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/01 06:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/11/23 05:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/23 05:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/18 03:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/16 02:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/21 03:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/02/27 10:49:08 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/10/14 01:04:28 | 001,966,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2006/06/29 09:53:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/06/05 21:09:26 | 004,284,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/01 20:54:50 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmgmt.sys -- (SE2Bmgmt) Sony Ericsson Device 043 USB WMC Device Management Drivers (WDM)
DRV - [2006/05/01 20:54:02 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmdm.sys -- (SE2Bmdm)
DRV - [2006/05/01 20:53:58 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bmdfl.sys -- (SE2Bmdfl)
DRV - [2006/05/01 20:53:08 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Bbus.sys -- (SE2Bbus) Sony Ericsson Device 043 Driver driver (WDM)
DRV - [2006/05/01 20:52:32 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Bunic.sys -- (se2Bunic) Sony Ericsson Device 043 USB Ethernet Emulation SEMC43 (WDM)
DRV - [2005/10/28 19:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/10/04 23:38:24 | 000,280,064 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/01/13 23:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/10/25 21:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/03/23 14:20:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/01/08 18:09:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/01/08 17:49:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{77158870-BEBD-4050-9EA6-69C8B1809281}: C:\Documents and Settings\Comet\Local Settings\Application Data\{77158870-BEBD-4050-9EA6-69C8B1809281} [2011/04/17 17:53:45 | 000,000,000 | -H-D | M]

[2007/11/27 20:51:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Comet\Application Data\Mozilla\Firefox\Profiles\j3tvbdb1.default\extensions
[2007/11/04 09:46:51 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Comet\Application Data\Mozilla\Firefox\Profiles\j3tvbdb1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/27 20:51:44 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Comet\Application Data\Mozilla\Firefox\Profiles\j3tvbdb1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/07 10:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/03 18:46:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BBSetdun] File not found
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kvemukazaqa] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MbWzdFPAP-EXL540] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (X-Micro Technology Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} http://www.sayatv.co...load/SayaTV.cab (SayaTV Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.mypix.com...geUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Comet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Comet\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/11 22:04:08 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{455e686c-bde9-11db-b4cd-0019214cbd3c}\Shell\AutoRun\command - "" = J:\CometInstaller.exe
O33 - MountPoints2\{615e1112-5b7c-11df-bab7-0019214cbd3c}\Shell - "" = AutoRun
O33 - MountPoints2\{615e1112-5b7c-11df-bab7-0019214cbd3c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{615e1112-5b7c-11df-bab7-0019214cbd3c}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{7603ffe0-0cc0-11dc-b4fd-0019214cbd3c}\Shell - "" = AutoRun
O33 - MountPoints2\{7603ffe0-0cc0-11dc-b4fd-0019214cbd3c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7603ffe0-0cc0-11dc-b4fd-0019214cbd3c}\Shell\AutoRun\command - "" = F:\PdtGuide.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 19:29:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Comet\Desktop\OTL.exe
[2011/04/29 18:16:48 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/27 21:54:25 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/04/27 21:54:19 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/27 21:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Comet\Local Settings\Application Data\Sunbelt Software
[2011/04/27 21:48:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
[2011/04/27 21:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/27 21:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/04/27 21:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/04/24 11:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Easy
[2011/04/24 11:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2011/04/24 11:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Comet\Application Data\RegistryKeys
[2011/04/23 11:02:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/22 17:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/04/22 16:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2011/04/22 16:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Comet\Start Menu\Programs\SopCast
[2011/04/22 09:31:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Comet\Recent
[2011/04/22 07:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Comet\Local Settings\Application Data\Western_Digital
[2011/04/22 07:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Comet\Application Data\Western Digital
[2011/04/22 07:53:25 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2011/04/22 07:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/04/22 07:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2011/04/20 21:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/20 20:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/20 20:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/20 20:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/20 20:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/19 21:02:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/19 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/19 20:02:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Comet\Application Data\Malwarebytes
[2011/04/19 20:01:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/19 20:01:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/19 20:01:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/19 20:01:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/19 20:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 19:55:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/04/18 19:54:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/18 19:54:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/17 18:01:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/17 18:01:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/17 17:53:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Comet\Local Settings\Application Data\{77158870-BEBD-4050-9EA6-69C8B1809281}
[2011/04/08 10:17:38 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/03 15:40:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Comet\Application Data\Epson
[2011/04/03 15:33:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/04/03 15:27:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
[2011/04/03 15:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2011/04/03 15:23:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Comet\Local Settings\Application Data\ABBYY
[2011/04/03 15:20:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ABBYY
[2011/04/03 15:18:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Comet\Application Data\InstallShield
[2011/04/03 15:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/04/03 15:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2011/04/03 15:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2011/04/03 15:13:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2011/04/03 15:13:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/07/15 20:02:37 | 000,308,600 | -H-- | C] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\NortonProtectionMemo.exe
[2007/02/16 19:07:04 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2007/02/16 19:05:35 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2007/02/16 19:05:35 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 19:29:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Comet\Desktop\OTL.exe
[2011/04/29 19:27:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 19:25:50 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/29 19:24:27 | 000,073,451 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/29 19:24:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 19:24:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 19:23:58 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/29 19:23:57 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 18:48:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/29 18:38:26 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 21:55:15 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/27 21:55:15 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/27 21:54:18 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/27 21:48:53 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\Comet\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/27 21:48:53 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/04/27 20:45:57 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mhelofiboqa.dat
[2011/04/27 08:23:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wkomokesi.bin
[2011/04/26 01:00:20 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/04/26 01:00:19 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/23 08:47:27 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\Comet\Desktop\aureinstall.cmd
[2011/04/23 08:46:29 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\Comet\Desktop\aurepair.cmd
[2011/04/23 08:45:31 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\Comet\Desktop\aureset2.cmd
[2011/04/23 08:44:01 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Comet\Desktop\aureset.cmd
[2011/04/22 16:47:57 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Comet\Desktop\SopCast.lnk
[2011/04/22 07:53:34 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/04/22 07:53:34 | 000,001,061 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/04/19 21:02:30 | 000,000,686 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/19 20:33:26 | 000,001,817 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/19 20:01:50 | 000,000,788 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 20:01:30 | 000,000,542 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Comet.job
[2011/04/17 15:43:33 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/14 21:13:44 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/14 21:13:44 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/04/03 20:53:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
[2011/04/03 15:33:41 | 000,001,812 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
[2011/04/03 15:32:07 | 000,000,306 | ---- | M] () -- C:\WINDOWS\setup.iss
[2011/04/03 15:16:51 | 000,001,889 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON SX420W Series Network Guide.lnk
[2011/04/03 15:16:41 | 000,001,889 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON SX420W Series Manual.lnk
[2011/04/03 15:15:59 | 000,000,669 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/04/03 09:40:00 | 000,105,742 | -H-- | M] () -- C:\Documents and Settings\Comet\Desktop\Police certificate.pdf
[2011/04/03 09:04:23 | 000,231,190 | -H-- | M] () -- C:\Documents and Settings\Comet\Desktop\RetrieveHealthPDFServlet Medical.pdf
[2011/04/03 09:03:38 | 000,223,406 | -H-- | M] () -- C:\Documents and Settings\Comet\Desktop\RetrieveHealthPDFServlet.pdf
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 18:45:18 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/04/28 00:23:23 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/27 21:55:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/27 21:55:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/27 21:54:52 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/27 21:48:53 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\Comet\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/04/27 21:48:52 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/04/26 20:07:01 | 804,835,328 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/23 10:29:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/23 08:47:27 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Comet\Desktop\aureinstall.cmd
[2011/04/23 08:46:29 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\Comet\Desktop\aurepair.cmd
[2011/04/23 08:45:31 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\Comet\Desktop\aureset2.cmd
[2011/04/23 08:44:01 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Comet\Desktop\aureset.cmd
[2011/04/22 16:47:57 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Comet\Desktop\SopCast.lnk
[2011/04/22 07:53:34 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/04/22 07:53:33 | 000,001,061 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/04/19 21:02:29 | 000,000,686 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/19 20:01:50 | 000,000,788 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/17 17:53:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mhelofiboqa.dat
[2011/04/17 17:53:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wkomokesi.bin
[2011/04/03 20:53:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/04/03 15:33:41 | 000,001,812 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
[2011/04/03 15:31:55 | 000,000,306 | ---- | C] () -- C:\WINDOWS\setup.iss
[2011/04/03 15:16:51 | 000,001,889 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON SX420W Series Network Guide.lnk
[2011/04/03 15:16:41 | 000,001,889 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON SX420W Series Manual.lnk
[2011/04/03 15:15:59 | 000,000,669 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2011/04/03 09:39:59 | 000,105,742 | -H-- | C] () -- C:\Documents and Settings\Comet\Desktop\Police certificate.pdf
[2011/04/03 09:04:22 | 000,231,190 | -H-- | C] () -- C:\Documents and Settings\Comet\Desktop\RetrieveHealthPDFServlet Medical.pdf
[2011/04/03 09:03:38 | 000,223,406 | -H-- | C] () -- C:\Documents and Settings\Comet\Desktop\RetrieveHealthPDFServlet.pdf
[2011/01/05 11:14:07 | 000,001,940 | -H-- | C] () -- C:\Documents and Settings\Comet\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/05 11:08:40 | 000,001,940 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/31 11:46:49 | 000,167,368 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/21 19:32:30 | 000,034,692 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/19 18:14:32 | 008,801,704 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/05/09 10:25:01 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/03/23 14:21:49 | 000,000,047 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/03 19:08:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ppsrc.ini
[2007/11/03 18:46:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/10/06 09:17:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/09/07 09:49:37 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/06/02 05:37:38 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/06/02 02:39:42 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2007/04/06 03:54:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/03/12 02:21:14 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/03/12 01:29:10 | 000,041,472 | -H-- | C] () -- C:\Documents and Settings\Comet\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/12 01:21:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Comet.ini
[2007/03/12 00:03:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/03/11 23:56:17 | 000,120,925 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/02/16 19:07:33 | 000,114,688 | ---- | C] () -- C:\WINDOWS\PowerOption.exe
[2007/02/16 19:07:33 | 000,000,294 | ---- | C] () -- C:\WINDOWS\PowerOption.ini
[2007/02/16 19:05:35 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2007/02/16 19:00:38 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Comet\Local Settings\Application Data\fusioncache.dat
[2006/08/11 22:07:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/11 22:07:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/11 22:06:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini
[2006/08/11 22:05:40 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll
[2006/08/11 22:04:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/08/11 22:03:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/08/11 22:03:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/08/11 22:03:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/08/11 22:03:44 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/08/11 21:54:50 | 000,442,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/11 21:54:50 | 000,071,936 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/11 21:51:34 | 000,169,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/11 21:40:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/11 21:38:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/11 23:19:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/11 23:19:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/11 23:19:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/11 23:19:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/11 23:19:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/11 23:19:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/11 23:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/11 23:19:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/11 23:19:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/11 23:19:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/11 23:19:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/29 15:05:58 | 000,303,104 | ---- | C] () -- C:\WINDOWS\CreateLnk.exe
[2006/05/06 01:21:26 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/12 23:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2006/03/09 02:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006/03/09 02:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/03 04:35:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2005/11/17 06:11:52 | 000,024,576 | RH-- | C] () -- C:\WINDOWS\System32\Kill1211.exe
[2005/11/10 20:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2005/10/31 03:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/10/26 07:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/10/12 17:43:40 | 000,000,095 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 01:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/12 22:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/04/04 08:44:04 | 000,000,258 | ---- | C] () -- C:\WINDOWS\Clearlnk.ini
[2004/12/17 03:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/10 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 21:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/24 00:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/08/07 17:51:32 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\reboot.exe
[2003/08/07 03:32:24 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\KCMDNIns.exe
[2003/03/14 20:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2002/05/23 17:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/25 18:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/25 18:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/07 12:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/07/15 20:02:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\09
[2011/04/03 15:16:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/12/21 20:47:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/04/04 17:28:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/06 17:13:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/04/03 15:33:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/05/09 16:55:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/03/21 17:28:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/17 09:12:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/20 17:29:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/18 11:04:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/27 21:49:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
[2011/04/03 15:40:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\Epson
[2010/02/21 17:55:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\Facebook
[2011/03/23 17:30:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\Image Zone Express
[2007/11/03 19:59:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\PPMate
[2009/03/07 10:03:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\ppstream
[2011/03/20 17:20:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\Printer Info Cache
[2011/04/24 11:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comet\Application Data\RegistryKeys
[2011/01/08 18:13:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\Tific
[2010/09/05 20:37:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\Transparent
[2009/09/06 17:13:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Comet\Application Data\Trusteer
[2011/04/22 07:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Comet\Application Data\Western Digital
[2011/04/29 19:25:50 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD13A410

< End of report >

Edited by Drolkop, 29 April 2011 - 12:56 PM.

  • 0

Advertisements


#2
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Posted Image


Logs will be closed if you haven't replied within 3 days



Please don't attach the scans / logs from these scans, use "copy/paste".



DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:
Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:
Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.
  • 0

#3
Drolkop

Drolkop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi mate. I tried to run the kill programme but did not work. My computer crashed and is now unresponsive. I have now bought a new computer so this ticket can be closed. Thanks for your help.
  • 0

#4
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Thank you for taking the time to post back and letting us know
Peace be with you
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP