Google Redirect/Trojan.Tracur/Trojan.Downloader


This topic is locked.

#1 StupidTrojans2 (Member, 21 posts)
Microsoft Security Essentials and MBAM scans show that I have a Trojan.Tracur & Trojan.Downloader infection. The computer itself seems to be running fine so far; the only problem I have encountered is Google redirecting, which I am sure can lead to a lot of other bad things. Please help.


Here is my OTL Log



OTL logfile created on: 6/23/2011 9:18:33 AM - Run 6
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Christopher Nova\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 335.77 Mb Available Physical Memory | 32.86% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 78.28 Gb Free Space | 53.63% Space Free | Partition Type: NTFS

Computer Name: RECEPTION | User Name: Christopher Nova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
PRC - [2011/06/21 09:46:33 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/26 12:45:25 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/12 13:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 10:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/03/24 16:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/04/06 06:28:46 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/22 12:42:30 | 000,561,664 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\scarddlg32.exe -- (NtmsSvc32)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/06/23 09:11:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5450217A-0633-4ADE-B1BF-1CDEFF156440}\MpKslc615c5a8.sys -- (MpKslc615c5a8)
DRV - [2011/03/25 09:32:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/01 09:28:28 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/02 19:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5070509
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 31 61 15 92 0E E4 44 B6 04 A0 E8 D6 42 00 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/05/29 09:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/17 11:53:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 11:53:15 | 000,000,000 | ---D | M]

[2010/01/27 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Extensions
[2011/06/23 09:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions
[2010/04/28 09:23:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/13 16:51:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/22 13:43:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}
[2011/06/22 16:04:35 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}
[2011/06/23 09:14:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}
[2011/06/13 13:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 14:05:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/05/29 09:10:58 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/30 11:11:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CHRISTOPHER NOVA\APPLICATION DATA\MOVE NETWORKS
[2010/04/20 14:05:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/20 14:05:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/26 11:16:08 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/05/31 10:08:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {156131D7-0E92-44E4-B604-A0E8D6420097} - C:\WINDOWS\system32\ativvaxx32.dll (CrypKey Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} http://192.168.1.244...ctiveXSetup.exe (Softwell_DVR_Monitor.monitor)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.243.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 13:15:20 | 000,172,032 | -HS- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\loadperf32.dll
[2011/06/22 12:42:30 | 000,351,232 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/06/09 14:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Desktop\new job pics
[2011/06/01 14:45:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/01 09:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/31 10:00:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/31 09:56:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Christopher Nova\Start Menu\Programs\Administrative Tools
[2011/05/31 09:45:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/27 14:26:54 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
[2011/05/27 14:09:06 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Christopher Nova\Desktop\TDSSKiller.exe
[2011/05/27 14:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Desktop\GooredFix Backups
[2011/05/27 14:01:03 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Christopher Nova\Desktop\GooredFix.exe
[2011/05/27 13:50:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/27 11:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/26 14:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/26 14:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/26 11:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/26 09:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/26 09:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2003/04/09 23:44:06 | 000,229,376 | ---- | C] ( ) -- C:\WINDOWS\System32\mpeg4xvid.dll
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
[2011/06/23 09:16:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/23 09:12:49 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/23 09:11:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 09:11:25 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 13:15:21 | 000,172,032 | -HS- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\loadperf32.dll
[2011/06/22 13:15:21 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\920087131
[2011/06/22 12:42:30 | 000,561,664 | ---- | M] () -- C:\WINDOWS\System32\scarddlg32.exe
[2011/06/22 12:42:30 | 000,561,664 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx32.exe
[2011/06/22 12:42:30 | 000,561,664 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\0.4428124794821999.exe
[2011/06/22 12:42:30 | 000,351,232 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\ativvaxx32.dll
[2011/06/20 10:06:40 | 000,466,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 10:06:40 | 000,080,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/20 09:03:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/17 12:30:48 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 10:07:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:16:23 | 000,473,173 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\S&J Schofield.jpg
[2011/06/10 11:08:40 | 001,037,862 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech3.jpg
[2011/06/10 11:07:36 | 001,026,194 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech2.jpg
[2011/06/10 11:06:18 | 000,954,461 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech1.jpg
[2011/06/01 14:53:27 | 000,009,386 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/06/01 14:53:21 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/05/31 10:08:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/31 10:01:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 14:08:34 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\tdsskiller.zip
[2011/05/27 14:01:03 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Christopher Nova\Desktop\GooredFix.exe
[2011/05/27 12:37:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Christopher Nova\Desktop\TDSSKiller.exe
[2011/05/24 13:41:01 | 000,043,961 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\inv 216 31 Schofield Street Bronx NY.pdf
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 12:42:35 | 000,561,664 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx32.exe
[2011/06/22 12:42:33 | 000,561,664 | ---- | C] () -- C:\WINDOWS\System32\scarddlg32.exe
[2011/06/22 12:42:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\920087131
[2011/06/22 12:42:27 | 000,561,664 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\0.4428124794821999.exe
[2011/06/15 14:15:17 | 000,473,173 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\S&J Schofield.jpg
[2011/06/10 15:07:45 | 001,037,862 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech3.jpg
[2011/06/10 15:06:36 | 001,026,194 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech2.jpg
[2011/06/10 15:05:13 | 000,954,461 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech1.jpg
[2011/06/01 14:53:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/05/31 10:26:35 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/27 14:08:26 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\tdsskiller.zip
[2011/05/26 13:10:59 | 1071,562,752 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/24 13:41:01 | 000,043,961 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\inv 216 31 Schofield Street Bronx NY.pdf
[2011/04/26 08:52:07 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\test
[2010/02/25 15:15:36 | 000,029,902 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\Tab Separated Values (Windows).ADR
[2010/01/26 12:46:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2010/01/26 12:46:01 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2010/01/26 12:46:01 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2010/01/26 12:29:23 | 000,053,990 | ---- | C] () -- C:\WINDOWS\hppins01.dat.temp
[2010/01/26 12:29:23 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat.temp
[2010/01/26 12:15:16 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
[2010/01/19 14:27:25 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
[2009/11/04 13:55:11 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/24 11:26:18 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\dvd.bmk
[2009/05/05 11:53:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/22 11:52:48 | 000,003,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/08/20 11:04:33 | 000,000,262 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/07/14 16:16:20 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/30 13:22:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/30 13:18:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/11/29 15:36:59 | 000,000,138 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2007/10/18 10:10:01 | 000,009,386 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/05 11:32:26 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/09/05 11:32:02 | 000,001,606 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/09/05 11:31:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2007/09/05 11:31:49 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2007/08/02 09:06:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/31 10:49:33 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/16 13:52:01 | 000,094,289 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2007/07/16 13:52:01 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2007/06/12 14:00:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/17 08:49:11 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\fusioncache.dat
[2007/05/09 12:21:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/09 12:15:43 | 000,001,347 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/09 11:50:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/05/09 11:50:28 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/05/09 11:49:20 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/27 16:34:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/12/27 16:34:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/08/03 02:52:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DvrSetup.dll
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,466,880 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,080,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/07 00:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== LOP Check ==========

[2008/02/20 15:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/01/19 14:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2008/07/24 09:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/01/19 13:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/08/02 09:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/09 12:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/08 11:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/14 12:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\ManyCam
[2010/04/21 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Desktop Search
[2010/05/13 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Search
[2011/06/23 09:16:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi StupidTrojans2

Sorry for the delay.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

I need a new OTL log for your system.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#3
StupidTrojans2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hey, thanks for the reply; here is the new OTL log.

OTL logfile created on: 6/28/2011 9:49:58 AM - Run 7
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Christopher Nova\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 439.93 Mb Available Physical Memory | 43.05% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 78.33 Gb Free Space | 53.67% Space Free | Partition Type: NTFS

Computer Name: RECEPTION | User Name: Christopher Nova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
PRC - [2011/06/21 09:46:33 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/26 12:45:25 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/12 13:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 10:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/03/24 16:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/04/06 06:28:46 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NtmsSvc32)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/06/28 09:42:49 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C0A8252-7BB9-42B5-ADEE-307D45463D9F}\MpKsl0d24690e.sys -- (MpKsl0d24690e)
DRV - [2011/03/25 09:32:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/01 09:28:28 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/02 19:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5070509
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 31 61 15 92 0E E4 44 B6 04 A0 E8 D6 42 00 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {5a2e3e23-132d-4788-ac21-846ec94f5129}:1.0
FF - prefs.js..extensions.enabledItems: {dbc3168f-8d83-48d3-8d05-fd079a760262}:1.0
FF - prefs.js..extensions.enabledItems: {e339129b-3ebe-4aa3-a5e8-b2112d15e27f}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/05/29 09:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/17 11:53:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 11:53:15 | 000,000,000 | ---D | M]

[2010/01/27 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Extensions
[2011/06/23 12:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions
[2010/04/28 09:23:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/13 16:51:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/22 13:43:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}
[2011/06/22 16:04:35 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}
[2011/06/28 09:17:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}
[2011/06/23 12:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 14:05:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/05/29 09:10:58 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/30 11:11:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CHRISTOPHER NOVA\APPLICATION DATA\MOVE NETWORKS
[2010/04/20 14:05:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/20 14:05:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/26 11:16:08 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/05/31 10:08:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} http://192.168.1.244...ctiveXSetup.exe (Softwell_DVR_Monitor.monitor)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.243.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 14:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Desktop\new job pics
[2011/06/01 14:45:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/01 09:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/31 10:00:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/31 09:56:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Christopher Nova\Start Menu\Programs\Administrative Tools
[2011/05/31 09:45:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2003/04/09 23:44:06 | 000,229,376 | ---- | C] ( ) -- C:\WINDOWS\System32\mpeg4xvid.dll
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/28 09:47:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/28 09:47:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/28 09:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 09:42:36 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/27 08:51:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
[2011/06/22 13:15:21 | 000,172,032 | -HS- | M] () -- C:\WINDOWS\System32\loadperf32.dll
[2011/06/22 13:15:21 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\920087131
[2011/06/20 10:06:40 | 000,466,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 10:06:40 | 000,080,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 12:30:48 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 10:07:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:16:23 | 000,473,173 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\S&J Schofield.jpg
[2011/06/10 11:08:40 | 001,037,862 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech3.jpg
[2011/06/10 11:07:36 | 001,026,194 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech2.jpg
[2011/06/10 11:06:18 | 000,954,461 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech1.jpg
[2011/06/01 14:53:27 | 000,009,386 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/06/01 14:53:21 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/05/31 10:08:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/31 10:01:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 13:15:20 | 000,172,032 | -HS- | C] () -- C:\WINDOWS\System32\loadperf32.dll
[2011/06/22 12:42:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\920087131
[2011/06/15 14:15:17 | 000,473,173 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\S&J Schofield.jpg
[2011/06/10 15:07:45 | 001,037,862 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech3.jpg
[2011/06/10 15:06:36 | 001,026,194 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech2.jpg
[2011/06/10 15:05:13 | 000,954,461 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech1.jpg
[2011/06/01 14:53:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/05/31 10:26:35 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/26 08:52:07 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\test
[2010/02/25 15:15:36 | 000,029,902 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\Tab Separated Values (Windows).ADR
[2010/01/26 12:46:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2010/01/26 12:46:01 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2010/01/26 12:46:01 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2010/01/26 12:29:23 | 000,053,990 | ---- | C] () -- C:\WINDOWS\hppins01.dat.temp
[2010/01/26 12:29:23 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat.temp
[2010/01/26 12:15:16 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
[2010/01/19 14:27:25 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
[2009/11/04 13:55:11 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/24 11:26:18 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\dvd.bmk
[2009/05/05 11:53:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/22 11:52:48 | 000,003,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/08/20 11:04:33 | 000,000,262 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/07/14 16:16:20 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/30 13:22:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/30 13:18:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/11/29 15:36:59 | 000,000,138 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2007/10/18 10:10:01 | 000,009,386 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/05 11:32:26 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/09/05 11:32:02 | 000,001,606 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/09/05 11:31:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2007/09/05 11:31:49 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2007/08/02 09:06:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/31 10:49:33 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/16 13:52:01 | 000,094,289 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2007/07/16 13:52:01 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2007/06/12 14:00:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/17 08:49:11 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\fusioncache.dat
[2007/05/09 12:21:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/09 12:15:43 | 000,001,347 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/09 11:50:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/05/09 11:50:28 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/05/09 11:49:20 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/27 16:34:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/12/27 16:34:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/08/03 02:52:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DvrSetup.dll
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,466,880 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,080,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/07 00:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== LOP Check ==========

[2008/02/20 15:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/01/19 14:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2008/07/24 09:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/01/19 13:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/08/02 09:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/09 12:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/08 11:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/14 12:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\ManyCam
[2010/04/21 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Desktop Search
[2010/05/13 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Search
[2011/06/28 09:47:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/06/22 13:15:21 | 000,172,032 | -HS- | M] () -- C:\WINDOWS\System32\loadperf32.dll
    [2011/06/22 13:15:21 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\920087131
    [2007/08/02 09:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

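As an added example (not part of this thread, and not a feature of OTL or ComboFix), here is a small Python triage script that parses entries in the OTL log format posted above and flags the traits shared by the entries the helper put in the OTL fix: files with no publisher that recently landed in System32, hidden+system attributes, a purely numeric file name, and Firefox extension folders that changed shortly before the log was taken. The rules and the 30-day window are assumptions chosen for this example; the sample lines are copied from the logs in this thread.

```python
import re
from datetime import datetime, timedelta

# One OTL file/folder entry, in the format the logs in this thread use:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (company) -- path
# attrs holds four fixed-position flags: R(ead-only) H(idden) S(ystem) D(irectory).
# PRC/SRV/DRV lines add a prefix, a "[Auto | Running]" block and " -- (name)".
OTL_ENTRY = re.compile(
    r"^(?:[A-Z]{3} - )?"                              # optional PRC/MOD/SRV/DRV prefix
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "    # timestamp
    r"([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"            # size | attrs | C(reated)/M(odified)
    r"(?: \(([^)]*)\))?"                              # (company); absent on folder lines
    r"(?: \[[^\]]*\])?"                               # [start type | state] on SRV/DRV lines
    r" -- (.*?)(?: -- \(.*\))?$"                      # path, then optional -- (name)
)


def parse_entry(line):
    """Parse one OTL entry line into a dict; return None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "readonly": attrs[0] == "R",
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "is_dir": attrs[3] == "D",
        "kind": kind,
        "company": (company or "").strip(),
        "path": path,
    }


def triage(entry, log_time, recent_days=30):
    """Return the heuristic reasons (possibly none) an entry deserves a second look."""
    # Assumed rules for this example: they mirror the traits of the entries the
    # helper chose for the OTL fix; OTL itself makes no such judgement.
    reasons = []
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    in_system32 = "\\windows\\system32\\" in path
    recent = log_time - entry["time"] <= timedelta(days=recent_days)
    if entry["is_dir"]:
        # A browser extension folder that appeared or changed shortly before the log
        if "\\extensions\\{" in path and recent:
            reasons.append("Firefox extension folder changed within %d days" % recent_days)
        return reasons
    if in_system32 and entry["hidden"] and entry["system"] and not entry["company"]:
        reasons.append("hidden+system file in System32 with no publisher")
    if in_system32 and recent and not entry["company"]:
        reasons.append("file with no publisher landed in System32 within %d days" % recent_days)
    if name.isdigit():
        reasons.append("purely numeric file name")
    return reasons


def flag_entries(lines, log_time, recent_days=30):
    """Return [(path, reasons)] for every parseable entry that trips at least one rule."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry, log_time, recent_days)
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged


# Sample input: lines copied from the OTL logs in this thread; the second log
# was produced on 2011/06/29 09:28:49, which serves as the reference time.
SAMPLE_LOG_TIME = datetime(2011, 6, 29, 9, 28, 49)
SAMPLE_LINES = [
    r"[2011/06/22 13:15:20 | 000,172,032 | -HS- | C] () -- C:\WINDOWS\System32\loadperf32.dll",
    r"[2011/06/22 12:42:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\920087131",
    r"[2007/10/18 10:10:01 | 000,009,386 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys",
    r"[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini",
    r"[2011/06/22 13:43:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings"
    r"\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions"
    r"\{5a2e3e23-132d-4788-ac21-846ec94f5129}",
    r"[2011/01/13 16:51:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents"
    r" and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default"
    r"\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}",
    r"SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running]"
    r" -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)",
    r"SRV - File not found [Auto | Stopped] -- -- (NtmsSvc32)",
]

if __name__ == "__main__":
    for path, reasons in flag_entries(SAMPLE_LINES, SAMPLE_LOG_TIME):
        print(path)
        for reason in reasons:
            print("    -", reason)
```

The output is a review list for a human, not a verdict: OTL lists KGyGaAvL.sys with the same hidden+system attributes as loadperf32.dll, yet the helper's fix left it alone.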

#5
StupidTrojans2

    Member

  • Topic Starter
  • Member
  • 21 posts
Here is the OTL log. I will have the ComboFix log in a few minutes.



OTL logfile created on: 6/29/2011 9:28:49 AM - Run 8
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Christopher Nova\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 342.31 Mb Available Physical Memory | 33.50% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 78.54 Gb Free Space | 53.81% Space Free | Partition Type: NTFS

Computer Name: RECEPTION | User Name: Christopher Nova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
PRC - [2011/06/21 09:46:33 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/26 12:45:25 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/12 13:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 10:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/03/24 16:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/04/06 06:28:46 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NtmsSvc32)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/06/29 09:26:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E069C58-F32C-4D0E-9985-EB87574AE4FE}\MpKslbdd95cbc.sys -- (MpKslbdd95cbc)
DRV - [2011/03/25 09:32:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/01 09:28:28 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/02 19:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5070509
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 31 61 15 92 0E E4 44 B6 04 A0 E8 D6 42 00 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {5a2e3e23-132d-4788-ac21-846ec94f5129}:1.0
FF - prefs.js..extensions.enabledItems: {dbc3168f-8d83-48d3-8d05-fd079a760262}:1.0
FF - prefs.js..extensions.enabledItems: {e339129b-3ebe-4aa3-a5e8-b2112d15e27f}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/05/29 09:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/17 11:53:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 11:53:15 | 000,000,000 | ---D | M]

[2010/01/27 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Extensions
[2011/06/23 12:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions
[2010/04/28 09:23:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/13 16:51:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/22 13:43:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}
[2011/06/22 16:04:35 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}
[2011/06/28 09:17:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}
[2011/06/23 12:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 14:05:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/05/29 09:10:58 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/30 11:11:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CHRISTOPHER NOVA\APPLICATION DATA\MOVE NETWORKS
[2010/04/20 14:05:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/20 14:05:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/26 11:16:08 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/06/28 16:23:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} http://192.168.1.244...ctiveXSetup.exe (Softwell_DVR_Monitor.monitor)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.243.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 14:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Desktop\new job pics
[2011/06/01 14:45:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/01 09:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/31 10:00:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/31 09:56:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Christopher Nova\Start Menu\Programs\Administrative Tools
[2011/05/31 09:45:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2003/04/09 23:44:06 | 000,229,376 | ---- | C] ( ) -- C:\WINDOWS\System32\mpeg4xvid.dll
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/29 09:20:57 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/29 09:16:47 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/29 09:15:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/29 09:15:44 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 16:23:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/27 08:51:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
[2011/06/20 10:06:40 | 000,466,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 10:06:40 | 000,080,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 12:30:48 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 10:07:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:16:23 | 000,473,173 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\S&J Schofield.jpg
[2011/06/10 11:08:40 | 001,037,862 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech3.jpg
[2011/06/10 11:07:36 | 001,026,194 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech2.jpg
[2011/06/10 11:06:18 | 000,954,461 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech1.jpg
[2011/06/01 14:53:27 | 000,009,386 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/06/01 14:53:21 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/05/31 10:01:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 14:15:17 | 000,473,173 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\S&J Schofield.jpg
[2011/06/10 15:07:45 | 001,037,862 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech3.jpg
[2011/06/10 15:06:36 | 001,026,194 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech2.jpg
[2011/06/10 15:05:13 | 000,954,461 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\InnoTech1.jpg
[2011/06/01 14:53:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/05/31 10:26:35 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/26 08:52:07 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\test
[2010/02/25 15:15:36 | 000,029,902 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\Tab Separated Values (Windows).ADR
[2010/01/26 12:46:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2010/01/26 12:46:01 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2010/01/26 12:46:01 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2010/01/26 12:29:23 | 000,053,990 | ---- | C] () -- C:\WINDOWS\hppins01.dat.temp
[2010/01/26 12:29:23 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat.temp
[2010/01/26 12:15:16 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
[2010/01/19 14:27:25 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
[2009/11/04 13:55:11 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/24 11:26:18 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\dvd.bmk
[2009/05/05 11:53:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/22 11:52:48 | 000,003,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/08/20 11:04:33 | 000,000,262 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/07/14 16:16:20 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/30 13:22:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/30 13:18:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/11/29 15:36:59 | 000,000,138 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2007/10/18 10:10:01 | 000,009,386 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/05 11:32:26 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/09/05 11:32:02 | 000,001,606 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/09/05 11:31:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2007/09/05 11:31:49 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2007/08/02 09:06:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/31 10:49:33 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/16 13:52:01 | 000,094,289 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2007/07/16 13:52:01 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2007/06/12 14:00:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/17 08:49:11 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\fusioncache.dat
[2007/05/09 12:21:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/09 12:15:43 | 000,001,347 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/09 11:50:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/05/09 11:50:28 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/05/09 11:49:20 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/27 16:34:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/12/27 16:34:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/08/03 02:52:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DvrSetup.dll
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,466,880 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,080,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/07 00:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== LOP Check ==========

[2008/02/20 15:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/01/19 14:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2008/07/24 09:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/01/19 13:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/07/09 12:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/08 11:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/14 12:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\ManyCam
[2010/04/21 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Desktop Search
[2010/05/13 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Search
[2011/06/29 09:20:57 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

#6 StupidTrojans2 (Topic Starter, Member, 21 posts)
Here is the ComboFix log.

ComboFix 11-06-29.03 - Christopher Nova 06/29/2011 10:31:40.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.348 [GMT -4:00]
Running from: c:\documents and settings\Christopher Nova\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome.manifest
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome\xulcache.jar
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\defaults\preferences\xulcache.js
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\install.rdf
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome.manifest
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome\xulcache.jar
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\defaults\preferences\xulcache.js
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\install.rdf
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome.manifest
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome\xulcache.jar
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\defaults\preferences\xulcache.js
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\install.rdf
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome.manifest
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome\xulcache.jar
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\defaults\preferences\xulcache.js
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\install.rdf
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome.manifest
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome\xulcache.jar
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\defaults\preferences\xulcache.js
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\install.rdf
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome.manifest
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome\xulcache.jar
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\defaults\preferences\xulcache.js
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\install.rdf
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome.manifest
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome\xulcache.jar
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\defaults\preferences\xulcache.js
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\install.rdf
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome.manifest
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome\xulcache.jar
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\defaults\preferences\xulcache.js
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\install.rdf
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome.manifest
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome\xulcache.jar
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\defaults\preferences\xulcache.js
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\install.rdf
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome.manifest
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome\xulcache.jar
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\defaults\preferences\xulcache.js
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\install.rdf
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome.manifest
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome\xulcache.jar
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\defaults\preferences\xulcache.js
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\install.rdf
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome.manifest
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome\xulcache.jar
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\defaults\preferences\xulcache.js
c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\install.rdf
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome.manifest
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\chrome\xulcache.jar
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\defaults\preferences\xulcache.js
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{5a2e3e23-132d-4788-ac21-846ec94f5129}\install.rdf
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome.manifest
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\chrome\xulcache.jar
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\defaults\preferences\xulcache.js
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{dbc3168f-8d83-48d3-8d05-fd079a760262}\install.rdf
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome.manifest
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\chrome\xulcache.jar
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\defaults\preferences\xulcache.js
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{e339129b-3ebe-4aa3-a5e8-b2112d15e27f}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-29 14:00 . 2011-06-29 14:00 -------- d-----w- c:\windows\LastGood
2011-06-29 13:26 . 2011-06-29 13:26 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E069C58-F32C-4D0E-9985-EB87574AE4FE}\MpKslbdd95cbc.sys
2011-06-29 13:26 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E069C58-F32C-4D0E-9985-EB87574AE4FE}\mpengine.dll
2011-06-22 17:05 . 2011-06-22 17:05 0 ---ha-w- c:\documents and settings\Christopher Nova\poolrqwpsq.tmp
2011-06-16 12:55 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-01 18:53 . 2011-06-01 18:53 88 --sh--r- c:\windows\system32\6CD50CB597.sys
2011-06-01 13:26 . 2011-06-01 13:26 -------- d-----w- c:\program files\ESET
2011-05-31 13:45 . 2011-05-31 13:45 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2010-08-23 13:16 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2011-04-29 17:25 151552 ----a-w- c:\windows\system32\SET62.tmp
2011-04-29 16:19 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 16:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-21 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2010-1-19 921707]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 14:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-08-14 18:20 462336 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-05-09 16:16 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I.R.I.S. Desktop Search]
2006-01-11 13:37 5193512 ----a-w- c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 08:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-30 13:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqgalry.exe"=
"c:\\Documents and Settings\\Christopher Nova\\Desktop\\nes\\VirtuaNES.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/13/2009 8:48 AM 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2011 8:49 AM 691696]
R1 MpKslbdd95cbc;MpKslbdd95cbc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E069C58-F32C-4D0E-9985-EB87574AE4FE}\MpKslbdd95cbc.sys [6/29/2011 9:26 AM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 9:24 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 67656]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [1/19/2010 2:27 PM 61529]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S1 MpKsl4a861a9e;MpKsl4a861a9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys [?]
S1 MpKsl587ae904;MpKsl587ae904;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys [?]
S1 MpKsl8c05965a;MpKsl8c05965a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys [?]
S1 MpKsl995b3c26;MpKsl995b3c26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys [?]
S1 MpKsla0e20273;MpKsla0e20273;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys [?]
S1 MpKslb4638dd0;MpKslb4638dd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys [?]
S2 NtmsSvc32;Removable Storage ;c:\windows\system32\scarddlg32.exe --> c:\windows\system32\scarddlg32.exe [?]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/5/2007 11:30 AM 9344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 12872]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLBDD95CBC
*NewlyCreated* - MPKSLF9014EED
*Deregistered* - MpKslf9014eed
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2010-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
2011-06-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.237.161.12 71.243.0.12
DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} - hxxp://192.168.1.244:81/activeX/DvrActiveXSetup.exe
FF - ProfilePath - c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Christopher Nova\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-29 10:42:39
ComboFix-quarantined-files.txt 2011-06-29 14:42
ComboFix2.txt 2011-05-31 14:13
.
Pre-Run: 84,213,993,472 bytes free
Post-Run: 84,210,208,768 bytes free
.
- - End Of File - - 3BBAE6206CAE95393BF28443A32713C2
  • 0

#7
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\scarddlg32.exe

Driver::
NtmsSvc32


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#8
StupidTrojans2

    Member

  • Topic Starter
  • Member
  • 21 posts
Here is the new ComboFix log

ComboFix 11-06-29.06 - Christopher Nova 06/29/2011 16:37:57.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.462 [GMT -4:00]
Running from: c:\documents and settings\Christopher Nova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Christopher Nova\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\scarddlg32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NTMSSVC32
-------\Service_NtmsSvc32
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-29 14:56 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\mpengine.dll
2011-06-22 17:05 . 2011-06-22 17:05 0 ---ha-w- c:\documents and settings\Christopher Nova\poolrqwpsq.tmp
2011-06-16 12:55 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-01 18:53 . 2011-06-01 18:53 88 --sh--r- c:\windows\system32\6CD50CB597.sys
2011-06-01 13:26 . 2011-06-01 13:26 -------- d-----w- c:\program files\ESET
2011-05-31 13:45 . 2011-05-31 13:45 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2010-08-23 13:16 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-10 16:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 16:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-29_14.38.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-29 20:47 . 2011-06-29 20:47 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat
+ 2011-06-30 13:21 . 2011-06-30 13:21 16384 c:\windows\Temp\Perflib_Perfdata_440.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-21 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2010-1-19 921707]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 14:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-08-14 18:20 462336 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-05-09 16:16 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I.R.I.S. Desktop Search]
2006-01-11 13:37 5193512 ----a-w- c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 08:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-30 13:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqgalry.exe"=
"c:\\Documents and Settings\\Christopher Nova\\Desktop\\nes\\VirtuaNES.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/13/2009 8:48 AM 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2011 8:49 AM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 9:24 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 67656]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [1/19/2010 2:27 PM 61529]
R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/5/2007 11:30 AM 9344]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S1 MpKsl348a0138;MpKsl348a0138;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\MpKsl348a0138.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\MpKsl348a0138.sys [?]
S1 MpKsl4a861a9e;MpKsl4a861a9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys [?]
S1 MpKsl587ae904;MpKsl587ae904;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys [?]
S1 MpKsl8c05965a;MpKsl8c05965a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys [?]
S1 MpKsl995b3c26;MpKsl995b3c26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys [?]
S1 MpKsla0e20273;MpKsla0e20273;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys [?]
S1 MpKslb4638dd0;MpKslb4638dd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 12872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2010-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
2011-06-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.237.161.12 71.243.0.12
DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} - hxxp://192.168.1.244:81/activeX/DvrActiveXSetup.exe
FF - ProfilePath - c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Christopher Nova\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-30 09:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\PRISMAPI.DLL
.
- - - - - - - > 'explorer.exe'(288)
c:\windows\system32\WININET.dll
c:\program files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\stsystra.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscript.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-06-30 09:23:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-30 13:23
ComboFix2.txt 2011-06-29 14:42
ComboFix3.txt 2011-05-31 14:13
.
Pre-Run: 84,160,995,328 bytes free
Post-Run: 84,114,788,352 bytes free
.
- - End Of File - - 631E8C0C130FA6F61BF3BED61B3278D4
  • 0

#9
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Update Malwarebytes Anti-Malware and run a Quick Scan.
Post the log it produces.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#10
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
*removed*
  • 0

#11
StupidTrojans2

    Member

  • Topic Starter
  • Member
  • 21 posts
Hey, the computer seems to be running fine now, no more Google redirects. Thank you so much for the help! I will have the ESET results for you tomorrow morning; here is the MBAM log.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6988

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/30/2011 3:39:44 PM
mbam-log-2011-06-30 (15-39-44).txt

Scan type: Quick scan
Objects scanned: 249717
Time elapsed: 13 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\02000000fe76b95b1349c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000fe76b95b1349o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000fe76b95b1349p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000fe76b95b1349s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

#12
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Thanks for informing me, awaiting results :)
  • 0

#13
StupidTrojans2

    Member

  • Topic Starter
  • Member
  • 21 posts
Here are the ESET Results.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=121d999b69307e43af2fdfaa0b8e9cab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-01 03:05:53
# local_time=2011-06-01 11:05:53 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 18039914 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98805
# found=6
# cleaned=6
# scan_time=5701
C:\Program Files\MP3 Player Utilities 3.73\DelDrv.exe Win32/KillFiles.NEM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Christopher Nova\Application Data\Sun\kfb0.dll.vir a variant of Win32/AutoRun.Spy.Ambler.CR worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000459.dll a variant of Win32/AutoRun.Spy.Ambler.CR worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0000632.exe Win32/KillFiles.NEM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05312011_094507\C_WINDOWS\system32\itlnfw32.dll a variant of Win32/Koblu.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05312011_094507\C_WINDOWS\system32\kbdneprh.dll a variant of Win32/Kryptik.LLT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=121d999b69307e43af2fdfaa0b8e9cab
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-30 09:05:13
# local_time=2011-06-30 05:05:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 20569161 0 0
# compatibility_mode=8192 67108863 100 0 1607903 1607903 0 0
# scanned=103478
# found=30
  • 0

#14
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#15
StupidTrojans2

    Member

  • Topic Starter
  • Member
  • 21 posts
Here ya go
OTL logfile created on: 7/1/2011 1:16:42 PM - Run 9
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Christopher Nova\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 300.86 Mb Available Physical Memory | 29.44% Memory free
2.40 Gb Paging File | 1.48 Gb Available in Paging File | 61.47% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 78.13 Gb Free Space | 53.53% Space Free | Partition Type: NTFS

Computer Name: RECEPTION | User Name: Christopher Nova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
PRC - [2011/06/21 09:46:33 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/26 12:45:25 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/12 13:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 10:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/03/24 16:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/07/27 16:50:04 | 000,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2004/04/06 06:28:46 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/06/30 16:03:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40539EA4-FD7D-4A4C-BD7B-06E2E6F3C88A}\MpKsld3e3f15e.sys -- (MpKsld3e3f15e)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/03/25 09:32:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/01 09:28:28 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/02 19:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5070509
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 31 61 15 92 0E E4 44 B6 04 A0 E8 D6 42 00 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/05/29 09:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/17 11:53:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/17 11:53:15 | 000,000,000 | ---D | M]

[2010/01/27 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Extensions
[2011/06/29 11:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions
[2010/04/28 09:23:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/13 16:51:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/29 11:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 14:05:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/05/29 09:10:58 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/30 11:11:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CHRISTOPHER NOVA\APPLICATION DATA\MOVE NETWORKS
[2010/04/20 14:05:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/20 14:05:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/26 11:16:08 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/06/30 09:18:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} http://192.168.1.244...ctiveXSetup.exe (Softwell_DVR_Monitor.monitor)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.243.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/29 10:29:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/29 10:29:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/29 10:29:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/29 10:29:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/29 10:26:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/29 09:38:22 | 004,129,550 | R--- | C] (Swearware) -- C:\Documents and Settings\Christopher Nova\Desktop\ComboFix.exe
[2011/06/09 14:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Desktop\new job pics
[2003/04/09 23:44:06 | 000,229,376 | ---- | C] ( ) -- C:\WINDOWS\System32\mpeg4xvid.dll
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 15:55:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/30 15:51:24 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/30 15:50:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/30 15:50:29 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 09:18:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/29 16:35:57 | 004,129,550 | R--- | M] (Swearware) -- C:\Documents and Settings\Christopher Nova\Desktop\ComboFix.exe
[2011/06/27 08:51:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
[2011/06/20 10:06:40 | 000,466,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 10:06:40 | 000,080,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 12:30:48 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 10:07:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/01 14:53:27 | 000,009,386 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/06/01 14:53:21 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\6CD50CB597.sys
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/29 10:29:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/29 10:29:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/29 10:29:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/29 10:29:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/29 10:29:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/01 14:53:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/04/26 08:52:07 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\test
[2010/02/25 15:15:36 | 000,029,902 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\Tab Separated Values (Windows).ADR
[2010/01/26 12:46:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2010/01/26 12:46:01 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2010/01/26 12:46:01 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2010/01/26 12:29:23 | 000,053,990 | ---- | C] () -- C:\WINDOWS\hppins01.dat.temp
[2010/01/26 12:29:23 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat.temp
[2010/01/26 12:15:16 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
[2010/01/19 14:27:25 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
[2009/11/04 13:55:11 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/24 11:26:18 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\dvd.bmk
[2009/05/05 11:53:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/22 11:52:48 | 000,003,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/08/20 11:04:33 | 000,000,262 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/07/14 16:16:20 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/30 13:22:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/30 13:18:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/11/29 15:36:59 | 000,000,138 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2007/10/18 10:10:01 | 000,009,386 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/05 11:32:26 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/09/05 11:32:02 | 000,001,606 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/09/05 11:31:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2007/09/05 11:31:49 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2007/08/02 09:06:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/31 10:49:33 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/16 13:52:01 | 000,094,289 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2007/07/16 13:52:01 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2007/06/12 14:00:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/17 08:49:11 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\fusioncache.dat
[2007/05/09 12:21:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/09 12:15:43 | 000,001,347 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/09 11:50:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/05/09 11:50:28 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/05/09 11:49:20 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/27 16:34:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/12/27 16:34:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/08/03 02:52:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DvrSetup.dll
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,466,880 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,080,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/07 00:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== LOP Check ==========

[2008/02/20 15:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/01/19 14:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2008/07/24 09:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/01/19 13:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/07/09 12:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/08 11:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/14 12:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\ManyCam
[2010/04/21 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Desktop Search
[2010/05/13 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Search
[2011/06/30 15:55:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
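An added example, not part of this thread and not code from OTL or its author: a small Python triage script for logs in the shape OTL prints. It parses the PRC/SRV/DRV records and the dated file records (the line format is inferred from the log above) and queues the entries a helper would look at first: services or drivers registered to a file that no longer exists, binaries with no company name in their version info, hidden+system files, and file names that are just a run of hex digits. The rules and the `Entry`, `parse_otl` and `triage` names are my own; the sample lines are copied from the log above and embedded so the script runs offline. The flags are a review queue, not a verdict: legitimate drivers without version info (sptd.sys is a well-known one) land in it too, and every flagged item still needs a hash lookup or a look at the file.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the line shapes OTL prints (copied from the log
# posted above); embedded so the example runs offline.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
PRC - [2010/01/26 12:45:25 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/03/25 09:32:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

========== Files - Modified Within 30 Days ==========

[2011/06/01 14:53:21 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/06/23 09:17:45 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
"""

# One OTL entry line: optional "PRC/MOD/SRV/DRV - " prefix, a bracketed
# [date | size | attributes | M-or-C] block, "(Company Name)", an optional
# "[start | state]" block for services and drivers, " -- path" and an
# optional " -- (service name)" tail. Shape inferred from the posted log.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)
# A service or driver registration whose binary is gone from disk.
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]*)\)$"
)
# File names that are only hex digits: seen on some licensing components
# and on many malware droppers, so worth a look either way.
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8,}\.(?:sys|dll|exe)$")


@dataclass
class Entry:
    kind: str                    # PRC, MOD, SRV, DRV, or FILE for the file sections
    company: str                 # empty when OTL printed "()"
    attrs: str                   # e.g. "RHS-"; empty for missing-file entries
    path: Optional[str] = None   # None when OTL reported "File not found"
    name: Optional[str] = None   # service/driver name when present
    state: Optional[str] = None  # e.g. "Auto | Running", "Kernel | Boot | Running"
    flags: List[str] = field(default_factory=list)

    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1] if self.path else ""

    def label(self) -> str:
        return self.name or self.basename() or "?"


def parse_otl(text: str) -> List[Entry]:
    """Turn raw OTL text into Entry records; section headers and prose are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = MISSING_RE.match(line)
        if m:
            entries.append(Entry(kind=m["kind"], company="", attrs="",
                                 name=m["name"], state=m["state"]))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(kind=m["kind"] or "FILE", company=m["company"].strip(),
                                 attrs=m["attrs"], path=m["path"],
                                 name=m["name"], state=m["state"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that got at least one.

    Heuristics for ordering a manual review, not a malware verdict."""
    flagged: List[Entry] = []
    for e in entries:
        if e.path is None:
            e.flags.append("registered service/driver whose file is missing")
        else:
            if not e.company:
                e.flags.append("no company name in version info")
            if "H" in e.attrs and "S" in e.attrs:
                e.flags.append("hidden+system attributes")
            if HEX_NAME_RE.match(e.basename()):
                e.flags.append("hex-digit file name")
            if e.kind == "DRV" and not e.company and e.state and "Boot" in e.state:
                e.flags.append("boot-start driver with no company name")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_otl(SAMPLE_LOG)):
        print(f"{e.kind:4} {e.label():24} {'; '.join(e.flags)}")
```

Run it against a full saved OTL log by reading the file into `parse_otl`; the section headers, the "========== Purity Check ==========" block and the forum text around the log are ignored because they match neither pattern.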