Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Removed XP Total Security 2011; Lingering Problems

Started by idrawstuff , May 19 2011 10:30 AM

  • This topic is locked This topic is locked

#16
idrawstuff
Posted 24 May 2011 - 10:12 AM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
OTL fix seems to have hung up my computer. How long should I wait before I try a hard shutdown? It's been about ten minutes now.
  • 0

Advertisements

#17
idrawstuff
Posted 24 May 2011 - 10:12 AM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
OTL fix seems to have hung up my computer. How long should I wait before I try a hard shutdown? It's been about ten minutes now.
  • 0

#18
idrawstuff
Posted 24 May 2011 - 10:13 AM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Sorry about the duplicat posts, replying from my Droid :-(
  • 0

#19
michaelg9
Posted 24 May 2011 - 10:27 AM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
If it's still there, please terminate it and run again and tell me what happens
  • 0

#20
idrawstuff
Posted 24 May 2011 - 10:30 AM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Ended the job via task manager, but had no start menu or desktop icons. Rebooted from the ctrl-alt-del menu, and preparing to rerun. I'll let you know what happens next.
  • 0

#21
idrawstuff
Posted 24 May 2011 - 10:31 AM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Sorry, should have read no taskbar, not no start menu.
  • 0

#22
idrawstuff
Posted 24 May 2011 - 10:55 AM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
It hung up again; this time it got as far as O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll () before it became non-responsive. Same symptoms.

Should I try it from safe mode?
  • 0

#23
idrawstuff
Posted 24 May 2011 - 11:17 AM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hung up at the same place in safe mode too :-(
  • 0

#24
michaelg9
Posted 24 May 2011 - 12:41 PM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Please try to limit the number of sequential posts (not the information :) ) because it's getting my inbox full. You can edit a post to add some information you forgot

Ok, let's try another fix to see.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (itlperf)
    DRV - [2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ethqoots.sys --
    (ethqoots)
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [Google Update] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\itlnfw32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
    O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
    O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
    O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = H:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\AutoRun\command - "" = Autorun.exe /run
    O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell00\Command - "" = Autorun.exe /run
    O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell01\Command - "" = Autorun.exe /action
    O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
    [2011/05/19 08:19:35 | 000,134,656 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
    [2011/05/24 08:05:30 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\vcbpjdj.job
    [2011/05/19 11:57:22 | 000,013,520 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
    [2011/05/19 11:57:22 | 000,013,520 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
    [2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
    [2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
    [2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
    [2011/05/19 11:55:13 | 000,013,520 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
    [2011/05/19 11:55:13 | 000,013,520 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
    [2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
    [2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
    [2011/05/18 11:56:32 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\vcbpjdj.job

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:
File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\System32\chg.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#25
idrawstuff
Posted 24 May 2011 - 02:43 PM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Sorry about that, I'll try harder to keep my replies in single posts :-P

Two bits of bad news though: the new fix won't work either. Same symptoms, both regularly logged in and in safe mode. I even tried to login as administrator (my account is an administrative account as well, but I figured you never know if something was misconfigured permissions-wise). The new scan hangs up at:

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

Also, I tried the VirSCAN.org scan, but it wouldn't let me just paste that path into the search bar (instead a select file menu comes up). C:\WINDOWS\System32\chg.exe does not exist on my computer. I verified that I could view hidden files at the time.

Edited by idrawstuff, 24 May 2011 - 02:44 PM.

  • 0

Advertisements

#26
michaelg9
Posted 24 May 2011 - 02:52 PM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

That's getting a little strange. Try the fix without that line. So the new OTL fix will be:

:OTL
SRV - File not found [Auto | Stopped] -- -- (itlperf)
DRV - [2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ethqoots.sys --
(ethqoots)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Google Update] File not found
O20 - Winlogon\Notify\itlnfw32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell - "" = AutoRun
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17059130-3900-11df-9648-0021863b0441}\Shell\AutoRun\command - "" = H:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
[2011/05/19 08:19:35 | 000,134,656 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
[2011/05/24 08:05:30 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\vcbpjdj.job
[2011/05/19 11:57:22 | 000,013,520 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
[2011/05/19 11:57:22 | 000,013,520 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
[2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ethqoots.sys
[2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 13:06:39 | 000,015,684 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
[2011/05/19 11:55:13 | 000,013,520 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
[2011/05/19 11:55:13 | 000,013,520 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt
[2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 12:04:08 | 000,015,684 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs
[2011/05/18 11:56:32 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\vcbpjdj.job

:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]



Next:
At the virscan, when the select file menu opens, paste that location in the address bar and click open. That will accept it if it's there. If you still can't select it, tell me
  • 0

#27
idrawstuff
Posted 24 May 2011 - 11:55 PM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Haha, it still wasn't working at first, but I figured out what was wrong. It didn't help that I gave you bogus information.

The lines I thought the OTL Runfix were stopping on? I was totally wrong, those were just the last lines I was seeing in the window. Down at the bottom, in the grey border where it tells you what's PROCESSING? It turns out I was getting hung up at nearly the beginning, at "DRV - [2011/05/19 08:19:35 | 000,134,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ethqoots.sys --"

I compared it with my original OTL file and guessed that there wasn't supposed to be a line break between that and "(ethqoots)" (which is how all my browsers were displaying it), so I backspaced over the line break and reran the code, and it took. Here's my Quickscan log:

All processes killed
========== OTL ==========
Error: No service named itlperf was found to stop!
Service\Driver key itlperf not found.
Service ethqoots stopped successfully!
Service ethqoots deleted successfully!
C:\WINDOWS\system32\drivers\ethqoots.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlntfy\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1705912c-3900-11df-9648-0021863b0441}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1705912c-3900-11df-9648-0021863b0441}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1705912c-3900-11df-9648-0021863b0441}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1705912c-3900-11df-9648-0021863b0441}\ not found.
File G:\VZAccess_Manager.exe /z detect not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17059130-3900-11df-9648-0021863b0441}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17059130-3900-11df-9648-0021863b0441}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17059130-3900-11df-9648-0021863b0441}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17059130-3900-11df-9648-0021863b0441}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17059130-3900-11df-9648-0021863b0441}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17059130-3900-11df-9648-0021863b0441}\ not found.
File H:\VZAccess_Manager.exe /z detect not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534088e4-d40e-11de-9590-0021863b0441}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534088e4-d40e-11de-9590-0021863b0441}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534088e4-d40e-11de-9590-0021863b0441}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{534088e4-d40e-11de-9590-0021863b0441}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534088e4-d40e-11de-9590-0021863b0441}\ not found.
File C:\WINDOWS\System32\drivers\ethqoots.sys not found.
C:\WINDOWS\tasks\vcbpjdj.job moved successfully.
C:\Documents and Settings\mike.DTB\Local Settings\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt moved successfully.
C:\Documents and Settings\All Users\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt moved successfully.
File C:\WINDOWS\System32\drivers\ethqoots.sys not found.
C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs moved successfully.
C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs moved successfully.
File C:\Documents and Settings\mike.DTB\Local Settings\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt not found.
File C:\Documents and Settings\All Users\Application Data\jdvto4w410l0ws4gq1vkmu127rc8r2auwt not found.
File C:\Documents and Settings\mike.DTB\Local Settings\Application Data\pk6t46aijo7k85vl803qs not found.
File C:\Documents and Settings\All Users\Application Data\pk6t46aijo7k85vl803qs not found.
File C:\WINDOWS\tasks\vcbpjdj.job not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 348 bytes

User: Administrator.DOUGLASS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: administrator.DTB
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4493900 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4489350 bytes
->Flash cache emptied: 16938 bytes

User: mike

User: mike.DTB
->Temp folder emptied: 11070716 bytes
->Temporary Internet Files folder emptied: 10769842 bytes
->Java cache emptied: 836981 bytes
->FireFox cache emptied: 54198665 bytes
->Google Chrome cache emptied: 6180672 bytes
->Flash cache emptied: 494386 bytes

User: mike.new
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 43984 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34282187 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 80239619 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 198.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.DOUGLASS

User: administrator.DTB
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: mike

User: mike.DTB
->Flash cache emptied: 0 bytes

User: mike.new

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05242011_224238

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\mike.DTB\Local Settings\Temporary Internet Files\Content.IE5\VDD3EXP4\k,RightMiddle,x1,x2,x3,x50,x82,x85,x86,x87,x90,x107,TradingCenter1,TradingCenter2,TradingCenter3,TradingCenter4,LeftBottom,LeftBottom2,LeftBottom3,LeftBottom4,Loge[1] not found!
File\Folder C:\Documents and Settings\mike.DTB\Local Settings\Temporary Internet Files\Content.IE5\UJOAJRHA\0%2F%2A%24,http%3A%2F%2Finsider.msg.yahoo.com%2Fclient_ad.php%3Fp%3D113214%26fmt%3D2.0%26intl%3Dus%26os%3Dwin%26ver%3D10.0.0.1258%26lang%3Den-us%26bkt%3Dtxt1[1].htm not found!

Registry entries deleted on Reboot...


I did retry Virscan though and even with the copy/paste method it didn't work :-(

Also, whatever you did made my computer run quieter. There's a fan that's been going CRAZY since I got infected, but it's much quieter now.

Edited by idrawstuff, 24 May 2011 - 11:57 PM.

  • 0

#28
michaelg9
Posted 25 May 2011 - 03:08 AM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Nice job on figuring out that, that was actually my fault as I see, I put an extra break line in that entry. However, OTL shouldn't stall though, just output error in the fix log. :)

Please open OTL and click the quick scan button, and paste the log here.


Next:
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#29
idrawstuff
Posted 25 May 2011 - 09:35 AM

idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Here's my OTL Quick Scan; my MBAM installation is new (just downloaded it Thursday and updated it as recently as Sunday). Will I be okay just updating my current installation, or should I download a copy and just start fresh? Also, should I run it in safe mode?

OTL logfile created on: 5/25/2011 8:27:26 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\mike.DTB\Desktop\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 103.31 Gb Free Space | 46.27% Space Free | Partition Type: NTFS
Drive E: | 9.59 Gb Total Space | 9.33 Gb Free Space | 97.33% Space Free | Partition Type: NTFS
Drive P: | 224.57 Gb Total Space | 133.64 Gb Free Space | 59.51% Space Free | Partition Type: NTFS
Drive R: | 224.57 Gb Total Space | 133.64 Gb Free Space | 59.51% Space Free | Partition Type: NTFS
Drive S: | 224.57 Gb Total Space | 133.64 Gb Free Space | 59.51% Space Free | Partition Type: NTFS

Computer Name: MIKE-LT | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 08:29:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\Virus Removal\OTL.exe
PRC - [2011/05/08 22:38:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/21 13:03:40 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/22 10:21:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 20:55:18 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 08:29:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\Virus Removal\OTL.exe
MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/02/06 15:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FirebirdServerDefaultInstance)
SRV - [2009/11/13 04:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/12 20:43:55 | 000,155,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\imapihp.exe -- (ImapiService)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/23 21:00:54 | 000,065,536 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2007/06/08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/03/14 17:30:51 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/21 14:02:46 | 002,363,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/28 07:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/02/14 07:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 07:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 07:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 07:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 07:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 07:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/30 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 22:38:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 15:58:01 | 000,000,000 | ---D | M]

[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions
[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions\[email protected]
[2011/05/08 13:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions
[2010/09/10 08:12:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/26 15:18:00 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/03/15 22:09:10 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\searchplugins\live-search.xml
[2011/05/08 13:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 09:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/03/18 19:08:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/08 22:38:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/29 20:14:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2011/05/08 22:38:48 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/24 22:42:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} http://weatherguard...._downloader.cab (WEATHER GUARD Vehicle Solutions Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229627490044 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} https://evalue.inter...nloads/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DTB.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\itlnfw32: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\itlntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 13:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/20 08:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Application Data\SUPERAntiSpyware.com
[2011/05/20 08:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/20 08:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/20 08:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/19 09:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Virus Removal
[2011/05/18 12:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Application Data\Skype
[2011/05/17 08:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\PG&E Winch Pics
[2011/05/11 21:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Emily
[2011/05/09 11:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Project Files
[2011/05/08 11:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Lydia Monthly Pics
[2011/05/03 08:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Desktop\Bids Due

========== Files - Modified Within 30 Days ==========

[2011/05/25 08:15:57 | 000,001,004 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/05/25 08:14:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 08:14:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 08:13:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/25 08:12:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 08:12:38 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 22:48:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/24 20:09:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 19:38:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135UA.job
[2011/05/23 15:54:47 | 001,048,439 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\VID-20110523-00000.3GP
[2011/05/22 21:12:36 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/05/22 21:12:23 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/20 08:19:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/19 11:19:43 | 001,997,006 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\ED4-77.pdf
[2011/05/17 11:26:43 | 006,791,732 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\CWS Order Book Revision 5L.pdf
[2011/05/16 23:38:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135Core.job
[2011/05/16 19:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/15 23:57:48 | 001,256,617 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Chevron Crack.JPG
[2011/05/15 20:47:52 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 22:35:59 | 000,002,202 | ---- | M] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2011/05/11 22:10:16 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/08 22:39:08 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/05/25 08:12:38 | 2146,750,464 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/23 15:54:47 | 001,048,439 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\VID-20110523-00000.3GP
[2011/05/22 21:12:36 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/05/22 21:12:23 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/20 08:19:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/19 11:19:24 | 001,997,006 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\ED4-77.pdf
[2011/05/17 11:26:41 | 006,791,732 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CWS Order Book Revision 5L.pdf
[2011/05/15 23:57:48 | 001,256,617 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Chevron Crack.JPG
[2011/05/11 22:35:59 | 000,002,202 | ---- | C] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2011/05/08 22:39:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/14 17:46:16 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011/03/03 17:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/16 01:13:37 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/19 07:32:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/20 18:55:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/20 18:55:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/01 08:03:24 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\setup_ldm.iss
[2009/01/25 15:07:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Static Library
[2009/01/25 15:07:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Sports
[2009/01/25 15:07:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/11/25 14:36:26 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/21 18:31:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/17 13:50:44 | 000,001,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/10/17 13:50:44 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4D0C8ED9CB.sys
[2008/10/16 15:52:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/16 13:17:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/10/16 13:07:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2008/10/15 11:05:25 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/10/15 01:01:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/15 01:01:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/15 01:01:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/15 01:01:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/15 01:01:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/15 01:01:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/12 20:19:33 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/02/12 20:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/01/14 17:55:22 | 000,571,320 | ---- | C] () -- C:\WINDOWS\HPISExe.dat
[2008/01/14 17:54:04 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/21 13:33:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/07/21 13:33:32 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/07/21 13:33:32 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/06/12 05:30:04 | 000,151,367 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/06/08 10:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 06:19:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:14:52 | 000,503,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:14:52 | 000,093,662 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:07:40 | 000,465,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 06:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:59:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/10/17 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2010/06/24 08:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/11/12 09:11:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/25 15:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/04/30 10:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/01/25 15:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/09/29 20:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/25 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2010/07/30 12:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/20 20:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/25 15:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/18 20:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\winLAME
[2010/04/03 15:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 17:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/17 13:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\ACT
[2011/04/05 14:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Add-in Express
[2010/03/03 19:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\EuroTalk
[2011/05/11 21:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\gtk-2.0
[2009/06/14 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\InterVideo
[2008/10/17 13:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\IsolatedStorage
[2009/04/08 22:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Mp3tag
[2009/01/25 17:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Nikon
[2008/02/12 20:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\SampleView
[2008/12/24 20:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Snapfish
[2009/01/20 20:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\TomTom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >

Edited by idrawstuff, 25 May 2011 - 09:35 AM.

  • 0

#30
michaelg9
Posted 25 May 2011 - 11:39 AM

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
Just update it and run it in normal mode
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP