Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search Engine ReDirect + Missing Desktop icons

Started by Gui101do , May 13 2011 09:42 AM

  • Please log in to reply

#1
Gui101do
Posted 13 May 2011 - 09:42 AM

Gui101do

    Member

  • Member
  • PipPip
  • 19 posts
Let me preface this by saying that I am under a time deadline and a massive amount of stress. I desperately need to get my PC back to where it was before the XP Home Security 2011 struck. I appreciate any help.

I recently just used MalWareBytes, spybot - search and destroy and RKill to clean the 'XP Anti-Virus 2011' & 'Windows Recover' from my machine (running Windows XP).

The pop-ups and fake danger alerts have ceased, however, my desktop icons and start>all programs icons are still missing.

I ran 'Unhide.exe' and gained some icons back, but not all. For instance, Start>all programs>accessories>systemtools>systemrestore is missing? I can't describe it, but even after going through control panel and folder options and clicking show hidden files and folders, I am still missing a bunch of stuff.

Also, whenever I Google search something and click a subsequent link, I get redirected to a bizarre website which is nothing like what I searched for.

I downloaded OTL, here is my log:

OTL logfile created on: 5/13/2011 11:29:02 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Angelo\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 207.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 2.95 Gb Free Space | 7.70% Space Free | Partition Type: NTFS
Drive D: | 298.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AGG4 | User Name: Angelo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 11:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelo\My Documents\Downloads\OTL.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/12 19:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 11:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelo\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (STSService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2006/06/15 02:40:28 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003/03/09 16:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/17 02:19:26 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/06/03 19:39:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/28 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Angelo\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Angelo\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/30 23:55:47 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/12/17 22:32:00 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2006/12/17 22:32:00 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2006/12/17 22:32:00 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2006/12/17 22:32:00 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2006/08/24 23:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 23:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/05/05 17:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/12/17 13:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16794S&l=dis
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.13.184
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.433
FF - prefs.js..keyword.URL: "http://www.bing.com/...FORM=BT006D&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/13 05:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 21:13:47 | 000,000,000 | ---D | M]

[2009/05/17 13:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Extensions
[2009/05/17 13:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Extensions\[email protected]
[2011/05/05 21:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions
[2010/07/19 23:23:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/17 13:02:24 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions\[email protected]
[2011/04/26 19:58:48 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions\[email protected]
[2010/10/23 16:02:02 | 000,000,000 | ---D | M] (LimeWire Toolbar) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions\[email protected]
[2011/05/12 20:42:18 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\searchplugins\askcom.xml
[2010/07/19 23:23:33 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\searchplugins\yahoo.xml
[2011/05/13 05:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/26 02:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/12 10:51:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 18:14:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 22:50:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 18:53:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/25 23:58:55 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\ANGELO\APPLICATION DATA\MOVE NETWORKS
[2010/06/12 10:50:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/08/15 20:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/13 03:29:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Voobly] File not found
O4 - HKCU..\Run: [Yahoo! Pager] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...4/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...4/uploader2.cab (UploadListView Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Angelo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Angelo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/29 21:55:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/06/01 03:39:56 | 000,000,524 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 05:33:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/13 03:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/13 03:14:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/13 03:10:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/13 03:10:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/13 03:10:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/13 03:10:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/13 03:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/13 03:10:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/13 03:09:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/13 02:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelo\Application Data\SUPERAntiSpyware.com
[2011/05/13 02:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/13 01:53:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Angelo\Recent
[2011/04/17 13:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelo\My Documents\ActiveGSLocalData
[2011/04/13 18:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2007/05/29 21:30:22 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/13 11:01:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/13 10:27:50 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 10:25:11 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/13 10:24:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/13 10:24:56 | 535,891,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 05:33:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Angelo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/13 05:33:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/13 03:29:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/13 03:14:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/13 02:48:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 01:42:14 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17555236
[2011/05/13 00:43:45 | 000,014,988 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066
[2011/05/13 00:43:44 | 000,014,988 | -HS- | M] () -- C:\Documents and Settings\Angelo\Local Settings\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066
[2011/05/13 00:26:28 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Eliqiritadumo.dat
[2011/05/13 00:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jyayuwenanojowa.bin
[2011/05/13 00:23:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Angelo\2gweorjqjutp92vjy9gake
[2011/05/12 22:28:57 | 000,085,974 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\registration.pdf
[2011/05/12 22:28:43 | 001,362,239 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\dekwaiver.pdf
[2011/05/12 22:28:24 | 000,286,924 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\teamreg.pdf
[2011/05/12 21:59:03 | 000,036,879 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 5 (WP).JPG
[2011/05/12 21:58:56 | 000,046,649 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 2 (FT).JPG
[2011/05/12 21:57:14 | 000,024,220 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 10 (TSB).JPG
[2011/05/09 20:28:41 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\Voobly.lnk
[2011/05/05 21:53:05 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/04/26 20:54:15 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2011/04/23 21:06:00 | 000,215,689 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\5bracket2-734x729.jpg
[2011/04/23 21:05:53 | 000,163,745 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\10bracket-734x552.jpg
[2011/04/15 23:27:08 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 00:40:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 00:33:51 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 00:33:51 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/13 18:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 05:33:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Angelo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/13 05:33:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/13 05:33:34 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/13 05:10:50 | 535,891,968 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 03:14:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/13 03:14:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/13 03:10:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/13 03:10:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/13 03:10:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/13 03:10:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/13 03:10:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/13 01:42:14 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17555236
[2011/05/13 00:26:28 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Eliqiritadumo.dat
[2011/05/13 00:26:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jyayuwenanojowa.bin
[2011/05/13 00:25:56 | 000,014,988 | -HS- | C] () -- C:\Documents and Settings\Angelo\Local Settings\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066
[2011/05/13 00:25:56 | 000,014,988 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066
[2011/05/13 00:23:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Angelo\2gweorjqjutp92vjy9gake
[2011/05/12 22:28:57 | 000,085,974 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\registration.pdf
[2011/05/12 22:28:43 | 001,362,239 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\dekwaiver.pdf
[2011/05/12 22:28:24 | 000,286,924 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\teamreg.pdf
[2011/05/12 21:59:06 | 000,036,879 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 5 (WP).JPG
[2011/05/12 21:58:58 | 000,046,649 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 2 (FT).JPG
[2011/05/12 21:57:21 | 000,024,220 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 10 (TSB).JPG
[2011/04/23 21:05:59 | 000,215,689 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\5bracket2-734x729.jpg
[2011/04/23 21:05:35 | 000,163,745 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\10bracket-734x552.jpg
[2010/12/29 20:33:34 | 000,059,988 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/14 19:31:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/10/14 19:20:19 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Angelo\Application Data\CIOSupport
[2010/10/14 19:20:19 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Carbon
[2010/10/14 19:20:19 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/10/14 19:17:54 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Caches
[2010/10/14 19:17:54 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Angelo\Application Data\Bubble Noise
[2010/10/14 19:17:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/06/07 19:00:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/25 12:54:23 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/12/20 21:31:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/03 20:56:48 | 000,001,206 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2008/03/26 15:12:27 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/01/06 17:39:21 | 000,008,654 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/27 22:39:00 | 000,000,630 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/10/21 21:51:06 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2007/10/21 21:51:06 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2007/08/17 16:16:26 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/05/09 13:15:55 | 000,000,511 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/24 18:50:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/23 18:25:04 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/02 22:31:12 | 000,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/22 04:02:00 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/12/22 04:02:00 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/12/22 04:02:00 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/12/22 03:17:30 | 000,037,957 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2006/11/12 17:44:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/11/09 22:00:27 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Angelo\Application Data\PFP110JPR.{PB
[2006/11/09 22:00:27 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Angelo\Application Data\PFP110JCM.{PB
[2006/11/08 02:25:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2006/11/06 12:53:41 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/01 00:04:42 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\Angelo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/31 00:15:13 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2006/10/31 00:15:13 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2006/10/30 12:24:31 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/30 12:23:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/30 01:43:27 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/10/30 00:07:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/10/29 22:20:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/29 21:57:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/29 21:51:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/29 16:43:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/29 16:42:27 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/11/10 15:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Again, I really appreciate any help. I am under a huge time constraint and very much need my machine back to normal.
  • 0

Advertisements

#2
RKinner
Posted 13 May 2011 - 10:20 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer


Copy the text in the code box by highlighting and Ctrl + c 


:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
[2010/06/12 10:51:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 18:14:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 22:50:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 18:53:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKCU..\Run: [Voobly] File not found
O4 - HKCU..\Run: [Yahoo! Pager] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
[2011/05/13 01:42:14 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17555236
[2011/05/13 00:43:45 | 000,014,988 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066
[2011/05/13 00:43:44 | 000,014,988 | -HS- | M] () -- C:\Documents and Settings\Angelo\Local Settings\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066
[2011/05/13 00:26:28 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Eliqiritadumo.dat
[2011/05/13 00:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jyayuwenanojowa.bin
[2011/05/13 00:23:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Angelo\2gweorjqjutp92vjy9gake

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image


After you post your logs, if the Fix button (Not the FixMBR button) was enabled go back into aswMBR and hit the Fix button. Then run

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Ron
  • 0

#3
Gui101do
Posted 13 May 2011 - 10:49 AM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thank you, Ron. I am going through the steps now and will post as soon as I finish. Very grateful.
  • 0

#4
Gui101do
Posted 13 May 2011 - 02:39 PM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the first log which came up after it rebooted:

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Voobly deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Pager deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users\Application Data\17555236 moved successfully.
C:\Documents and Settings\All Users\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066 moved successfully.
C:\Documents and Settings\Angelo\Local Settings\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066 moved successfully.
C:\WINDOWS\Eliqiritadumo.dat moved successfully.
C:\WINDOWS\Jyayuwenanojowa.bin moved successfully.
C:\Documents and Settings\Angelo\2gweorjqjutp92vjy9gake moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Angelo
->Temp folder emptied: 132027393 bytes
->Temporary Internet Files folder emptied: 224411355 bytes
->Java cache emptied: 183901075 bytes
->FireFox cache emptied: 54280094 bytes
->Flash cache emptied: 2376320 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 814238 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2982691 bytes
%systemroot%\System32 .tmp files removed: 3244049 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 576.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05132011_162343

Files\Folders moved on Reboot...
C:\Documents and Settings\Angelo\Local Settings\Temporary Internet Files\Content.IE5\H9Q8M1NZ\ac2[2].htm moved successfully.

Registry entries deleted on Reboot...
  • 0

#5
Gui101do
Posted 13 May 2011 - 02:55 PM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Second Scan, here is the first OTL log:

OTL logfile created on: 5/13/2011 4:40:12 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Angelo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 108.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 3.41 Gb Free Space | 8.93% Space Free | Partition Type: NTFS
Drive D: | 298.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AGG4 | User Name: Angelo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 11:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelo\Desktop\OTL.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/12 19:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 11:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelo\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (STSService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2006/06/15 02:40:28 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003/03/09 16:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110429.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/17 02:19:26 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/12/24 16:27:44 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/06/03 19:39:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/28 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/30 23:55:47 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/12/17 22:32:00 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2006/12/17 22:32:00 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2006/12/17 22:32:00 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2006/12/17 22:32:00 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2006/08/24 23:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 23:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/05/05 17:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/12/17 13:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16794S&l=dis
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/13 05:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 21:13:47 | 000,000,000 | ---D | M]

[2009/05/17 13:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Extensions
[2009/05/17 13:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Extensions\[email protected]
[2011/05/05 21:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions
[2010/07/19 23:23:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/17 13:02:24 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions\[email protected]
[2011/04/26 19:58:48 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions\[email protected]
[2010/10/23 16:02:02 | 000,000,000 | ---D | M] (LimeWire Toolbar) -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\extensions\[email protected]
[2011/05/12 20:42:18 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\searchplugins\askcom.xml
[2010/07/19 23:23:33 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Angelo\Application Data\Mozilla\Firefox\Profiles\yymj6hgu.default\searchplugins\yahoo.xml
[2011/05/13 16:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/26 02:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) --
[2011/03/25 23:58:55 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\ANGELO\APPLICATION DATA\MOVE NETWORKS
[2010/06/12 10:50:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/08/15 20:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/13 16:24:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...4/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...4/uploader2.cab (UploadListView Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Angelo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Angelo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/29 21:55:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/06/01 03:39:56 | 000,000,524 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 16:23:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/13 11:28:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Angelo\Desktop\OTL.exe
[2011/05/13 05:33:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/13 03:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/13 03:14:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/13 03:10:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/13 03:10:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/13 03:10:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/13 03:10:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/13 03:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/13 03:10:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/13 03:09:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/13 02:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelo\Application Data\SUPERAntiSpyware.com
[2011/05/13 02:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/13 01:53:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Angelo\Recent
[2011/04/17 13:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelo\My Documents\ActiveGSLocalData
[2011/04/13 18:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2007/05/29 21:30:22 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/05/13 16:46:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/13 16:31:42 | 000,013,696 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/13 16:30:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/13 16:30:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/13 16:30:04 | 535,891,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 16:24:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/13 15:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/13 11:50:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 11:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelo\Desktop\OTL.exe
[2011/05/13 05:33:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Angelo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/13 05:33:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/13 03:14:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/13 02:48:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/12 22:28:57 | 000,085,974 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\registration.pdf
[2011/05/12 22:28:43 | 001,362,239 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\dekwaiver.pdf
[2011/05/12 22:28:24 | 000,286,924 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\teamreg.pdf
[2011/05/12 21:59:03 | 000,036,879 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 5 (WP).JPG
[2011/05/12 21:58:56 | 000,046,649 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 2 (FT).JPG
[2011/05/12 21:57:14 | 000,024,220 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 10 (TSB).JPG
[2011/05/09 20:28:41 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\Voobly.lnk
[2011/05/05 21:53:05 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/04/26 20:54:15 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[2011/04/23 21:06:00 | 000,215,689 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\5bracket2-734x729.jpg
[2011/04/23 21:05:53 | 000,163,745 | ---- | M] () -- C:\Documents and Settings\Angelo\Desktop\10bracket-734x552.jpg
[2011/04/15 23:27:08 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 00:40:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 00:33:51 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 00:33:51 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/13 18:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr

========== Files Created - No Company Name ==========

[2011/05/13 11:50:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 05:33:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Angelo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/13 05:33:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/13 05:33:34 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/13 05:10:50 | 535,891,968 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 03:14:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/13 03:14:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/13 03:10:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/13 03:10:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/13 03:10:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/13 03:10:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/13 03:10:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/12 22:28:57 | 000,085,974 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\registration.pdf
[2011/05/12 22:28:43 | 001,362,239 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\dekwaiver.pdf
[2011/05/12 22:28:24 | 000,286,924 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\teamreg.pdf
[2011/05/12 21:59:06 | 000,036,879 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 5 (WP).JPG
[2011/05/12 21:58:58 | 000,046,649 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 2 (FT).JPG
[2011/05/12 21:57:21 | 000,024,220 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\T-shirt 10 (TSB).JPG
[2011/04/23 21:05:59 | 000,215,689 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\5bracket2-734x729.jpg
[2011/04/23 21:05:35 | 000,163,745 | ---- | C] () -- C:\Documents and Settings\Angelo\Desktop\10bracket-734x552.jpg
[2010/12/29 20:33:34 | 000,059,988 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/14 19:31:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/10/14 19:20:19 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Angelo\Application Data\CIOSupport
[2010/10/14 19:20:19 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Carbon
[2010/10/14 19:20:19 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/10/14 19:17:54 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Caches
[2010/10/14 19:17:54 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Angelo\Application Data\Bubble Noise
[2010/10/14 19:17:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/06/07 19:00:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/25 12:54:23 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/12/20 21:31:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/03 20:56:48 | 000,001,206 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2008/03/26 15:12:27 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/01/06 17:39:21 | 000,008,654 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/27 22:39:00 | 000,000,630 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/10/21 21:51:06 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2007/10/21 21:51:06 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2007/08/17 16:16:26 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/05/09 13:15:55 | 000,000,511 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/24 18:50:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/23 18:25:04 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/02 22:31:12 | 000,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/22 04:02:00 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/12/22 04:02:00 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/12/22 04:02:00 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/12/22 03:17:30 | 000,037,957 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2006/11/12 17:44:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/11/09 22:00:27 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Angelo\Application Data\PFP110JPR.{PB
[2006/11/09 22:00:27 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Angelo\Application Data\PFP110JCM.{PB
[2006/11/08 02:25:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2006/11/06 12:53:41 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/01 00:04:42 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\Angelo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/31 00:15:13 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2006/10/31 00:15:13 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2006/10/30 12:24:31 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/30 12:23:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/30 01:43:27 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/10/30 00:07:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/10/29 22:20:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/29 21:57:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/29 21:51:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/29 16:43:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/29 16:42:27 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/11/10 15:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Here is the second, 'Extras' log:

OTL Extras logfile created on: 5/13/2011 4:40:12 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Angelo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 108.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 3.41 Gb Free Space | 8.93% Space Free | Partition Type: NTFS
Drive D: | 298.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AGG4 | User Name: Angelo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 0.9.12
"{FAD03728-DA19-4313-959F-872A9C432A86}" = Samsung USB Driver (MCCI 4.34) WHQL v3.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BitTorrent" = BitTorrent 5.0.9
"Caesar 3" = Caesar 3
"Diablo II" = Diablo II
"FrostWire" = FrostWire 4.21.3
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"LimeWire" = LimeWire 5.5.16
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"PROSet" = Intel® PRO Network Adapters and Drivers
"SBC.MCCInstall" = AT&T Self Support Tool
"SopCast" = SopCast 3.2.4
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Voobly_is1" = Voobly
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

Error - 5/13/2011 4:23:54 PM | Computer Name = AGG4 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\Angelo\Desktop\OTL.exe (PID 2720) Time: Friday, May
13, 2011 4:23:54 PM

[ System Events ]
Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.


< End of report >
  • 0

#6
Gui101do
Posted 13 May 2011 - 03:17 PM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
For the aswMBR.exe tool, the 'scan' button is faded out and un-clickable. 'FixMBR' is available to be clicked, but I have not clicked it.

I didn't run the TDSSKiller, wasn't sure if I should or not.

Out of curiosity, what are these programs supposed to be doing. I have no clue what is going on, just following orders haha.
  • 0

#7
RKinner
Posted 13 May 2011 - 04:16 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
OTL removed some deadwood that will slow your PC down but mostly it removed these bad guys:

[2011/05/13 01:42:14 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17555236
[2011/05/13 00:43:45 | 000,014,988 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066
[2011/05/13 00:43:44 | 000,014,988 | -HS- | M] () -- C:\Documents and Settings\Angelo\Local Settings\Application Data\5u650t630agy03m0yymypbuqt24w288140sp38y523g066
[2011/05/13 00:26:28 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Eliqiritadumo.dat
[2011/05/13 00:26:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jyayuwenanojowa.bin
[2011/05/13 00:23:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Angelo\2gweorjqjutp92vjy9gake

These are all random names so definitely malware.

aswMBR doesnot remove anything unless you hit one of the buttons but it checks for common mbr infections. Please copy and paste its log. Also go ahead and run TDSSKiller. This will also check for a common mbr infection and repair it automatically. I would like to see its log too.

Symantec is complaining about OTL so you may need to pause it whenever you run one of our tools.

I'm seeing a problem in the event log:

Error - 5/13/2011 4:42:09 PM | Computer Name = AGG4 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D. Let's see if we can fix it.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Are you still getting redirected?

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:
Ron
  • 0

#8
Gui101do
Posted 13 May 2011 - 05:16 PM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the MBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-13 18:30:39
-----------------------------
18:30:39.546 OS Version: Windows 5.1.2600 Service Pack 3
18:30:39.546 Number of processors: 1 586 0x207
18:30:39.546 ComputerName: AGG4 UserName:
18:31:03.625 Initialize success
18:31:12.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:31:12.031 Disk 0 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
18:31:14.062 Disk 0 MBR read successfully
18:31:14.062 Disk 0 MBR scan
18:31:14.062 Disk 0 Windows XP default MBR code
18:31:16.140 Disk 0 scanning sectors +80276805
18:31:16.234 Disk 0 scanning C:\WINDOWS\system32\drivers
18:32:03.875 Service scanning
18:32:05.765 Disk 0 trace - called modules:
18:32:05.781 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82ef01ed]<<
18:32:05.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f6eab8]
18:32:05.781 3 CLASSPNP.SYS[f8736fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f4cd98]
18:32:05.796 \Driver\atapi[0x82f7daa8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82ef01ed
18:32:05.796 Scan finished successfully
18:32:25.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Angelo\Desktop\MBR.dat"
18:32:25.296 The log file has been saved successfully to "C:\Documents and Settings\Angelo\Desktop\aswMBR.txt"


I went ahead and clicked 'FixMBR' and it replied with a warning that damage could be done to my partitions. Should I have fixed anyways?

Next up, I have TDDSSKiller saved on my desktop. I double click it and nothing happens. Not sure what that is about.

Next problem: I get to the eventvwr.msc screen. I right-clicked on 'system' and 'application'. I then clicked 'clear all events' as that was the only option similar to what you suggested. Nothing happened. The file went from 512 kb to 448 kb?

Here are the results from the Vino tool:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 13/05/2011 6:55:09 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/05/2011 6:52:52 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:52 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:52 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:52 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:52 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

Log: 'System' Date/Time: 13/05/2011 6:52:51 PM
Type: error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk0\D.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/05/2011 6:52:50 PM
Type: warning Category: 0
Event: 50 Source: Ntfs
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Log: 'System' Date/Time: 13/05/2011 6:52:38 PM
Type: warning Category: 0
Event: 50 Source: Ntfs
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Log: 'System' Date/Time: 13/05/2011 6:52:28 PM
Type: warning Category: 0
Event: 50 Source: Ntfs
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Log: 'System' Date/Time: 13/05/2011 6:52:18 PM
Type: warning Category: 0
Event: 50 Source: Ntfs
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Log: 'System' Date/Time: 13/05/2011 6:52:12 PM
Type: warning Category: 0
Event: 50 Source: Ntfs
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Yes, I still get redirected like crazy. I clicked application and repeated the steps and ran it again. Almost instantly a very brief log popped up with not too much listed.

Here is my MalwareByte log (no issues):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6568

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/13/2011 7:09:24 PM
mbam-log-2011-05-13 (19-09-24).txt

Scan type: Quick scan
Objects scanned: 151344
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am unable to save ComboFix to desktop. When I click the link, it merely gives me the option to save then it saves it to my documents and in my downloads folder. It doesn't give me the option to 'save as' or rename or save to desktop?
  • 0

#9
RKinner
Posted 13 May 2011 - 07:33 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Still waiting on the Combofix log. We might get lucky with Combofix so make sure you run it. Remember that Symantec must be paused while downloading or running Combofix.

Run aswMBR after Combofix and see if it still has this line:
"18:32:05.781 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82ef01ed]<<"

If it does then you will need to do one of the following. Option 1 is quickest and pretty sure but not without risks.

What make and model of PC is this? With Dell/HP/Compaq you have to be careful with FixMBR as they have non-standard MBRs.

You have an infected MBR so we have two options:

1. Try to fix the MBR:
You can either push the FixMBR button or the preferred way is to use the Recovery Console which is usually installed by Combofix.

Boot into the Recovery Console:

Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from two to 10 seconds. OK

Now Reboot. When it gives you a choice between your regular XP and the Recovery Console, hit the down arrow to select the Recovery Console then Enter. You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

exit

(reboot into normal mode)

2. Avast boot-time scan. This only works sometimes but I prefer to try it first with Dell/HP/Compaq since this way we do not lose the capability to return the PC to how it came from the factory: Uninstall Symantec, save the license key if this is a paid subscription http://us.norton.com...3834EN&ln=en_US , run the norton removal tool, ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe install the free Avast. http://www.avast.com...ivirus-download

Download, Save, and Install.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball, Scan Computer, Scan Logs, select the Boot-time scan log and view results. If it found something repeat the boot-time scan.

Regardless of which option you choose run aswMBR when done and post the log.

Ron
  • 0

#10
Gui101do
Posted 13 May 2011 - 09:03 PM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Combofix has been running for nearly 3 and a half hours. Is this normal? I have not disturbed it, no mouse clicking or typing. Should I let it keep going or do you think it has stalled?

I have a Dell computer.
  • 0

Advertisements

#11
Gui101do
Posted 13 May 2011 - 11:21 PM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I was unable to uninstall Symantec. Apparently I have version 9, which the removal tool suggests I go to add/remove programs to get rid of it there first. Symantec was gone from add/remove, all the remained was the symantec live updater, which had an error and wouldn't let me uninstall it because it was running(?).

This is unbelievable how every step turns into a rabbit hole of fumbling around with a new tool or log. I thought I had this thing beat when spybot and malwarebyte cleaned the virus away. Now I'm left with a crippled computer and I feel like I am failing to make anymore progress.

I don't know what to do now. I've invested so much time into this and I hope it doesn't come down to formatting it, which will crush a lot of work I have on there.

In the morning I'll try the suggestion you gave to boot into recovery console. That will fix my MBR right? And once that is fixed I can use the aswMBR tool and post the log. At which point...I have no idea...haha.

Thanks for your continued help. Is this actually solvable?
  • 0

#12
RKinner
Posted 13 May 2011 - 11:52 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
We can get rid of LiveUpdate with OTL or you can just turn off the service. Start, Run, services.msc, OK. Then Find Live Update and double click then change the Startup Type to Disabled then STOP the service.

It shouldn't keep you from installing Avast. Since you have a Dell it would probably be better to install Avast and let it do a boot-time scan. If you do the fixmbr then you lose the ability to restore it to factory unless it came with disks.

Ron
  • 0

#13
Gui101do
Posted 14 May 2011 - 09:07 AM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I tried to let Combofix run overnight and this morning it had one of those 'end now' program is unresponsive messages. It was titled JVM?

I followed your instructions and disabled the Live Update.

I edited because I originally had an issue installing Avast! I have since been able to install it.

Edited by Gui101do, 14 May 2011 - 01:06 PM.

  • 0

#14
Gui101do
Posted 14 May 2011 - 01:10 PM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I was finally, finally, finally able to remove Symantec completely from my system. This time, the add/remove function didn't run into a problem.

I have rebooted my machine and Avast is running the boot scan successfully. Phew!

It will take a couple hours and when it is done, I hope it has discovered the issues.
  • 0

#15
Gui101do
Posted 14 May 2011 - 02:56 PM

Gui101do

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Avast! did the boot scan and eventually restarted my computer. No Virus Found. How could that be?

I ran aswMBR after doing the Avast steps, here is the log from aswMBR:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-14 16:52:14
-----------------------------
16:52:14.500 OS Version: Windows 5.1.2600 Service Pack 3
16:52:14.500 Number of processors: 1 586 0x207
16:52:14.546 ComputerName: AGG4 UserName:
16:52:15.531 Initialize success
16:52:21.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:52:21.859 Disk 0 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 3
16:52:23.875 Disk 0 MBR read successfully
16:52:23.875 Disk 0 MBR scan
16:52:23.875 Disk 0 Windows XP default MBR code
16:52:25.875 Disk 0 scanning sectors +80276805
16:52:25.984 Disk 0 scanning C:\WINDOWS\system32\drivers
16:52:41.312 Service scanning
16:52:43.375 Disk 0 trace - called modules:
16:52:43.406 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82ef61ed]<<
16:52:43.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f4aab8]
16:52:43.406 3 CLASSPNP.SYS[f8736fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f6dd98]
16:52:43.406 \Driver\atapi[0x82f6e030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82ef61ed
16:52:43.406 Scan finished successfully
16:53:03.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Angelo\Desktop\MBR.dat"
16:53:03.484 The log file has been saved successfully to "C:\Documents and Settings\Angelo\Desktop\aswMBR.txt"

-------------------------------

I noticed when the scan completed these two lines in the log were highlighted red:

16:52:43.406 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82ef61ed]<<

16:52:43.406 \Driver\atapi[0x82f6e030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82ef61ed

Is it safe to click the FixMBR? Or is there something else to do?

Just for the heck of it, I ran Avast! again and Malwarebyte Anti-Malware and both came up clean with zero issues found?

Edited by Gui101do, 14 May 2011 - 04:09 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP