Click Check Virus


  • This topic is locked This topic is locked

#1 bkossmann (New Member, 1 posts)
Symptoms are: sometimes, but not always, Google searches take me to random websites. It frequently takes me to the click check site.

Also, even when my computer is apparently working correctly, the virus still hogs all my processor and a ton of memory. My processor is usually at 100% after the computer has been running for a while.

Usually when I first start up the computer, it will run normally for a while, then the virus takes over, somewhat gradually.

Here is my OTL report:

OTL logfile created on: 5/18/2011 5:30:29 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\bill kossmann\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.16 Gb Total Space | 61.53 Gb Free Space | 71.42% Space Free | Partition Type: NTFS

Computer Name: VALUED-C0DCCC42 | User Name: bill kossmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 05:30:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill kossmann\Desktop\OTL.exe
PRC - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2005/12/14 02:43:40 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/11/28 18:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 18:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/11/28 18:38:34 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/11/24 14:47:34 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/10/12 01:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 18:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 05:30:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill kossmann\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/01/16 13:25:02 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/01/07 01:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/12/21 13:06:28 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/11/28 18:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 18:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/28 18:38:34 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/25 18:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/11/24 21:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 20:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 20:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/10/11 15:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/10/11 15:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/05/20 21:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/13 20:26:00 | 001,106,888 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/29 22:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/27 19:22:10 | 000,029,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 16:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/16 02:36:20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/08 01:50:48 | 000,108,672 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/10/08 01:30:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/09/21 13:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/20 19:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/09/16 20:35:58 | 000,046,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/09/15 22:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/01 20:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 17:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 16:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2000/12/05 20:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Netscape Browser 8.1.0.0\Extensions\\Components: C:\\Program Files\\Netscape\\Netscape Browser\Components [2011/05/13 03:16:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.0.0\Extensions\\Plugins: C:\\Program Files\\Netscape\\Netscape Browser\Plugins [2010/12/24 20:08:32 | 000,000,000 | ---D | M]

[2009/08/16 22:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bill kossmann\Application Data\Mozilla\Extensions
[2011/05/14 16:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bill kossmann\Application Data\Mozilla\Firefox\Profiles\74di1484.default\extensions
[2011/01/18 01:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/07 04:37:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/14 16:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/10/26 11:14:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/01/07 04:36:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.0\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1244700587145 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/15 21:16:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 05:30:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bill kossmann\Desktop\OTL.exe
[2011/05/16 18:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Desktop\New Folder
[2011/05/15 11:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Application Data\comcasttb
[2011/05/15 11:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Application Data\CallingID
[2011/05/15 11:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
[2011/05/15 11:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2011/05/15 11:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Application Data\xfin_portal
[2011/05/15 11:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\xfin_portal
[2011/05/14 16:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Desktop\warwick
[2011/05/14 16:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Desktop\epi
[2011/05/14 16:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Desktop\ebay photos
[2011/05/14 16:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/14 16:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/14 16:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/05/13 04:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Desktop\video(2)
[2011/05/13 04:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Desktop\theme
[2011/05/13 04:00:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bill kossmann\Desktop\tammy(2)
[2011/05/13 04:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Desktop\michelle(2)
[2011/05/13 03:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Application Data\Netscape
[2011/05/13 02:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/13 02:37:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/13 02:37:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/13 02:37:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/13 02:14:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2011/05/12 20:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/12 20:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/12 20:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/12 20:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bill kossmann\Local Settings\Application Data\{6BC27366-61CF-47C5-896D-C80862043E5E}
[2011/05/12 20:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mA06511FoJeK06511
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/18 05:30:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/18 05:30:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bill kossmann\Desktop\OTL.exe
[2011/05/18 05:11:53 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 05:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 05:11:47 | 1063,424,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 04:42:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 21:48:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/16 03:44:15 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 23:06:30 | 000,524,394 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\match8.JPG
[2011/05/15 23:05:46 | 000,535,334 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\match7.JPG
[2011/05/15 23:05:22 | 000,586,739 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\match6.JPG
[2011/05/15 23:05:08 | 000,564,599 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\match5.JPG
[2011/05/15 23:04:56 | 000,556,417 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\match4.JPG
[2011/05/15 23:04:28 | 000,580,546 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\match3.JPG
[2011/05/15 23:04:12 | 000,610,550 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\match1.JPG
[2011/05/15 23:04:00 | 000,564,450 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\match2.JPG
[2011/05/14 16:40:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/14 13:38:16 | 000,589,852 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\1.JPG
[2011/05/13 02:17:45 | 000,489,980 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/13 02:17:45 | 000,091,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/13 02:14:55 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/12 20:33:01 | 000,017,490 | -HS- | M] () -- C:\Documents and Settings\bill kossmann\Local Settings\Application Data\5447h71364tv
[2011/05/12 20:33:01 | 000,017,490 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5447h71364tv
[2011/05/12 20:32:03 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pgazisawanulam.dat
[2011/05/12 20:32:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lzabez.bin
[2011/05/12 20:29:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bill kossmann\2gweorjqjutp92vjy9gake
[2011/05/12 08:02:42 | 001,462,566 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\Dyna photos 001.JPG
[2011/05/11 21:58:35 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Application Data\wklnhst.dat
[2011/05/04 19:16:08 | 000,795,361 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\Dyna photos 006.jpg
[2011/05/04 19:16:04 | 000,746,411 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\Dyna photos 002.jpg
[2011/05/04 01:53:42 | 000,046,213 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\hd pipe mounts.jpg
[2011/05/03 01:23:23 | 000,155,050 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\2005 low rider.jpg
[2011/04/25 17:35:43 | 005,613,841 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00138.JPG
[2011/04/25 17:34:03 | 005,790,983 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00140.JPG
[2011/04/25 17:32:40 | 005,514,070 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00139.JPG
[2011/04/25 17:17:36 | 005,309,155 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00137.JPG
[2011/04/25 17:16:47 | 005,313,404 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00136.JPG
[2011/04/25 17:15:54 | 005,581,049 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00135.JPG
[2011/04/25 17:13:59 | 005,047,105 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00134.JPG
[2011/04/25 17:11:51 | 005,154,391 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00133.JPG
[2011/04/25 17:10:05 | 005,558,750 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00132.JPG
[2011/04/25 17:06:30 | 005,656,798 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00131.JPG
[2011/04/25 09:42:08 | 000,600,123 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\bag4.JPG
[2011/04/25 09:41:22 | 000,583,799 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\bag3.JPG
[2011/04/25 09:41:02 | 000,609,714 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\bag2.JPG
[2011/04/25 09:40:52 | 000,575,243 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\bag1.JPG
[2011/04/25 09:40:02 | 000,574,029 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\mirrors4.JPG
[2011/04/25 09:39:32 | 000,612,706 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\mirror3.JPG
[2011/04/25 09:39:12 | 000,593,302 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\mirrors2.JPG
[2011/04/25 09:38:46 | 000,585,866 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\mirrors1.JPG
[2011/04/25 09:26:40 | 000,564,256 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\seat4.JPG
[2011/04/25 09:25:42 | 000,622,331 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\seat3.JPG
[2011/04/25 09:12:32 | 000,587,488 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\sissy2.JPG
[2011/04/25 09:12:14 | 000,577,253 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\sissy1.JPG
[2011/04/25 09:06:32 | 000,605,285 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\stockpegs.JPG
[2011/04/25 09:04:52 | 000,583,752 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\dragbars.JPG
[2011/04/19 07:12:30 | 000,590,113 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\hd2.JPG
[2011/04/19 07:12:12 | 000,591,581 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\hd3.JPG
[2011/04/19 07:11:40 | 000,610,516 | ---- | M] () -- C:\Documents and Settings\bill kossmann\Desktop\hd1.JPG
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 21:07:13 | 000,589,852 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\1.JPG
[2011/05/16 21:16:23 | 000,524,394 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match8.JPG
[2011/05/16 21:16:19 | 000,535,334 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match7.JPG
[2011/05/16 21:16:04 | 000,586,739 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match6.JPG
[2011/05/16 21:15:58 | 000,564,599 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match5.JPG
[2011/05/16 21:15:52 | 000,556,417 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match4.JPG
[2011/05/16 21:15:45 | 000,580,546 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match3.JPG
[2011/05/16 21:15:39 | 000,564,450 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match2.JPG
[2011/05/16 21:15:33 | 000,610,550 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match1.JPG
[2011/05/12 20:32:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgazisawanulam.dat
[2011/05/12 20:32:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lzabez.bin
[2011/05/12 20:31:02 | 000,017,490 | -HS- | C] () -- C:\Documents and Settings\bill kossmann\Local Settings\Application Data\5447h71364tv
[2011/05/12 20:31:02 | 000,017,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5447h71364tv
[2011/05/12 20:29:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bill kossmann\2gweorjqjutp92vjy9gake
[2011/05/12 14:39:20 | 000,795,361 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\Dyna photos 006.jpg
[2011/05/12 14:39:16 | 000,746,411 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\Dyna photos 002.jpg
[2011/05/12 14:39:12 | 001,462,566 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\Dyna photos 001.JPG
[2011/05/05 23:05:56 | 000,046,213 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\hd pipe mounts.jpg
[2011/05/03 01:23:21 | 000,155,050 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\2005 low rider.jpg
[2011/04/25 17:35:24 | 005,613,841 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00138.JPG
[2011/04/25 17:33:41 | 005,790,983 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00140.JPG
[2011/04/25 17:32:22 | 005,514,070 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00139.JPG
[2011/04/25 17:17:18 | 005,309,155 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00137.JPG
[2011/04/25 17:16:30 | 005,313,404 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00136.JPG
[2011/04/25 17:15:37 | 005,581,049 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00135.JPG
[2011/04/25 17:13:42 | 005,047,105 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00134.JPG
[2011/04/25 17:11:36 | 005,154,391 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00133.JPG
[2011/04/25 17:08:51 | 005,558,750 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00132.JPG
[2011/04/25 17:05:52 | 005,656,798 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\DSC00131.JPG
[2011/04/25 09:42:08 | 000,600,123 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\bag4.JPG
[2011/04/25 09:41:22 | 000,583,799 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\bag3.JPG
[2011/04/25 09:41:02 | 000,609,714 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\bag2.JPG
[2011/04/25 09:40:52 | 000,575,243 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\bag1.JPG
[2011/04/25 09:40:02 | 000,574,029 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\mirrors4.JPG
[2011/04/25 09:39:32 | 000,612,706 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\mirror3.JPG
[2011/04/25 09:39:12 | 000,593,302 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\mirrors2.JPG
[2011/04/25 09:38:46 | 000,585,866 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\mirrors1.JPG
[2011/04/25 09:26:40 | 000,564,256 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\seat4.JPG
[2011/04/25 09:25:42 | 000,622,331 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\seat3.JPG
[2011/04/25 09:12:32 | 000,587,488 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\sissy2.JPG
[2011/04/25 09:12:14 | 000,577,253 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\sissy1.JPG
[2011/04/25 09:06:32 | 000,605,285 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\stockpegs.JPG
[2011/04/25 09:04:52 | 000,583,752 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\dragbars.JPG
[2011/04/23 01:27:11 | 000,591,581 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\hd3.JPG
[2011/04/23 01:27:00 | 000,590,113 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\hd2.JPG
[2011/04/23 01:26:52 | 000,610,516 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\hd1.JPG
[2010/12/24 20:32:59 | 000,053,852 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/24 01:31:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/17 02:02:29 | 000,147,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/24 03:09:51 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Application Data\wklnhst.dat
[2009/08/16 22:29:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/16 18:12:39 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 00:45:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Local Settings\Application Data\fusioncache.dat
[2009/06/09 00:33:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/06/09 00:33:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/06/09 00:33:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/06/09 00:33:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/06/09 00:33:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/06/09 00:33:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/06/09 00:32:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2009/06/09 00:23:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/06/09 00:21:40 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/06/09 00:19:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/09 00:13:23 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/03/17 20:55:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/16 18:43:52 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/03/16 15:45:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/16 15:24:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/03/15 23:32:13 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2006/03/15 21:47:56 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/03/15 21:23:59 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/15 21:19:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/15 21:12:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/15 19:57:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/15 19:56:49 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/15 19:56:38 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/03/15 19:56:38 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/03/15 19:56:38 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/03/15 19:56:38 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/03/15 19:56:38 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/03/15 19:56:06 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2006/03/15 19:56:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/15 19:55:58 | 000,489,980 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/15 19:55:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/15 19:55:58 | 000,091,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/15 19:55:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/15 19:55:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/15 19:55:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/15 19:55:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/15 19:55:51 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/15 19:55:51 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/15 19:55:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/15 19:55:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/15 13:04:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/15 13:03:35 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/25 16:15:38 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/01 21:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

< End of report >


#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
:)

Step 1.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    [2011/05/12 20:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mA06511FoJeK06511
    [2011/05/12 20:33:01 | 000,017,490 | -HS- | M] () -- C:\Documents and Settings\bill kossmann\Local Settings\Application Data\5447h71364tv
    [2011/05/12 20:33:01 | 000,017,490 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5447h71364tv
    [2011/05/12 20:32:03 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pgazisawanulam.dat
    [2011/05/12 20:32:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lzabez.bin
    [2011/05/12 20:29:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bill kossmann\2gweorjqjutp92vjy9gake
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Step 2.
DDS:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Step 3.
GMER:

Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Disable your onboard Anti Virus and any other Active protection programs you have installed. If you are unsure how to do this, see this link.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.

  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Please note:

If (and only if) there are problems using GMER as indicated above, run the scan with ONLY the Sections and C drive boxes ticked.


  • Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click the gmer.exe file.
  • The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No, then select ONLY the Sections and C drive boxes. Click on Scan and wait for it to finish.
  • Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in reply


Step 4.
Things I would like to see in your reply:

  • The content of the fixlog from OTL in step 1.
  • The content of Extras.txt on your desktop.
  • The content of DDS.txt from step 2.
  • The file Attach.txt from DDS in step 2 attached.
  • The content of the log from GMER in step 3.
  • Information on how your computer is running after those steps.

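As an added example (not code from this thread, from OTL or from the helper), here is a small Python triage script that parses the OTL file-listing format shown in the report above and flags the kind of entries the fix in step 1 targets: recently created files that are hidden+system, zero bytes long, dropped directly into C:\WINDOWS, or carry random-looking alphanumeric names. The 14-day window, the name heuristic and the scan time are assumptions; the sample lines are copied from the report posted above, with two benign entries kept as controls.

```python
import re
from datetime import datetime, timedelta
# OTL file-listing line: [date time | size | attrs | C] () -- path
OTL_LINE = re.compile(r"\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
                      r"(?P<attrs>[-RHSD]{4}) \| [CM]\] (?:\(\) )?-- (?P<path>.+)$")

def parse_otl_line(line):
    # Return a dict for one OTL file entry, or None for any other line
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"], "path": m["path"]}

def suspicion_reasons(entry, scan_time, window_days=14):
    # Heuristic reasons a recently created entry deserves a second look
    if scan_time - entry["ts"] > timedelta(days=window_days):
        return []  # older files are out of scope for these drop heuristics
    directory, _, name = entry["path"].rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if "H" in entry["attrs"] and "S" in entry["attrs"]:
        reasons.append("hidden+system")
    if entry["size"] == 0:
        reasons.append("zero bytes")
    if directory.upper() == "C:\\WINDOWS":
        reasons.append("dropped in Windows root")
    if (re.fullmatch(r"[a-z0-9]{10,}", stem, re.I)          # assumed heuristic:
            and re.search(r"\d", stem) and re.search(r"[a-z]", stem, re.I)):
        reasons.append("random-looking name")            # long mixed digits/letters
    return reasons

def triage(log_text, scan_time):
    # List (path, reasons) for every flagged entry, in log order
    flagged = []
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry and (reasons := suspicion_reasons(entry, scan_time)):
            flagged.append((entry["path"], reasons))
    return flagged

# Six lines copied from the OTL report posted above (two benign ones as controls)
SAMPLE_LOG = r"""
[2011/05/16 21:16:23 | 000,524,394 | ---- | C] () -- C:\Documents and Settings\bill kossmann\Desktop\match8.JPG
[2011/05/12 20:32:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgazisawanulam.dat
[2011/05/12 20:32:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lzabez.bin
[2011/05/12 20:31:02 | 000,017,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5447h71364tv
[2011/05/12 20:29:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bill kossmann\2gweorjqjutp92vjy9gake
[2006/03/15 21:19:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
"""
SCAN_TIME = datetime(2011, 5, 18, 5, 30, 29)  # assumed: the report's run time
```

Running `triage(SAMPLE_LOG, SCAN_TIME)` flags exactly the four entries the fix script removes and leaves the two benign controls alone; the reasons are a starting point for a helper's review, not a verdict.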

#3
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.