Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spyware Doctor + potentially others


  • This topic is locked This topic is locked

#1
ajb_edl

ajb_edl

    Member

  • Member
  • PipPip
  • 48 posts
Hi all,

I have been helped out by the good folk at GTG on a number of occasions over the past 6 years, so firstly thank you all for your assistance.

This time, however, I am trying to help a familiy member with their PC woes. I don't know a lot about the problem (seeing as the computer is not mine) but it appears to be infected with a virus or trojan related to 'Spyware Doctor'. Every so often, particularly when the computer is idle for a while, Spyware Doctor will start up and run a sham virus scan, which invariably results in the 'detection' of a number of intrusions. The owner of the computer assures me that 'Spyware Doctor' was not installed voluntarily. I have not used any programs or manual fixes to resolve this issue.

The OT log is pasted below. If you could please help us with this problem, we would be most grateful!



OTL logfile created on: 24/06/2011 6:57:41 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

991.48 Mb Total Physical Memory | 156.05 Mb Available Physical Memory | 15.74% Memory free
2.33 Gb Paging File | 1.56 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 165.91 Gb Free Space | 71.24% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 298.09 Gb Total Space | 200.33 Gb Free Space | 67.21% Space Free | Partition Type: NTFS

Computer Name: USER-8A5244D007 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/24 18:56:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/06/24 18:03:31 | 001,558,016 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Temp\iCBB_11_13 R09-27 IINET B01 Monitor Temporary Items\monSvr.exe
PRC - [2011/05/16 22:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/13 19:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/11 08:21:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 14:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 05:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/27 09:07:42 | 000,959,752 | ---- | M] (ABBYY) -- C:\Program Files\ABBYY Screenshot Reader\ScreenshotReader.exe
PRC - [2009/05/15 00:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
PRC - [2007/02/18 15:22:20 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:20:06 | 000,293,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/05 19:33:07 | 000,346,624 | ---- | M] () -- C:\Program Files\iiNet\iConnect\launcher.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/01/28 03:16:57 | 000,856,064 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/08/04 22:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 22:00:00 | 000,506,368 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004/08/04 22:00:00 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 22:00:00 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 22:00:00 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 22:00:00 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 22:00:00 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 22:00:00 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 22:00:00 | 000,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 22:00:00 | 000,014,848 | ---- | M] () -- C:\WINDOWS\system32\lsass.exe
PRC - [2003/11/14 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/24 18:56:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/11/26 20:01:20 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/04 12:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll
MOD - [2008/07/29 07:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
MOD - [2008/07/29 07:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
MOD - [2006/08/26 01:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2003/11/14 09:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/11/14 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/16 22:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/19 05:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/05/15 00:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.ScreenshotReader.9.0)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/01/28 03:16:57 | 000,856,064 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/01/28 03:16:57 | 000,856,064 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/08/04 22:00:00 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2004/08/04 22:00:00 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/04 22:00:00 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/04 22:00:00 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/04 22:00:00 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)


========== Driver Services (SafeList) ==========

DRV - [2011/03/09 17:47:47 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/03/09 17:47:46 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/10 12:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 13:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/12/07 16:12:36 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2008/07/19 17:16:46 | 000,056,832 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/07/19 17:16:35 | 000,074,240 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/10/04 17:10:52 | 000,041,288 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2005/03/17 18:51:16 | 001,033,600 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 18:50:36 | 000,221,440 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 18:50:32 | 000,705,280 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/24 16:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/28 03:07:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/01/27 19:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/01/27 19:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/08/05 17:58:14 | 000,220,672 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/05 17:57:56 | 000,012,416 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/05/10 21:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2003/11/07 19:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 19:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/10/09 14:46:00 | 000,044,544 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -- (SiSRaid)
DRV - [2003/07/18 11:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 19:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 17:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 19:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/11 01:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iinet.net.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://starter.metacafe.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/26 20:01:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 08:22:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 08:22:00 | 000,000,000 | ---D | M]

[2008/09/07 07:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/05/12 13:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yckpbb0j.default\extensions
[2011/05/12 13:58:54 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yckpbb0j.default\extensions\[email protected]
[2008/05/29 21:51:42 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yckpbb0j.default\searchplugins\bbc-news.xml
[2007/05/21 20:26:18 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yckpbb0j.default\searchplugins\mozilla-add-ons.xml
[2011/05/11 07:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/08 21:49:38 | 000,000,000 | ---D | M] (OneStep Search) -- C:\Program Files\Mozilla Firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
[2010/07/26 17:54:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/08/30 15:54:44 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2010/11/26 20:01:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/07/26 17:54:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/11 08:21:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/26 17:54:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/10 09:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2011/05/11 08:21:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/11 08:21:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/11 08:21:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/11 08:21:52 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/11 08:21:52 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/04/07 20:01:35 | 000,005,465 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost #***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 dedmazai.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 faccesborrate.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 flavinha.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 fullbizzone.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 granjerascachondas.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 heretofind.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 localhost # ***Inserted By STOPzilla***
O1 - Hosts: 68 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DealioBHO Class) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4700 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4700 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ABBYY Screenshot Reader Retail] C:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe (ABBYY)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Centre.lnk = C:\Program Files\iiNet\iConnect\launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\User\Application Data\Dealio\kb124\res\DealioSearch.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O9 - Extra 'Tools' menuitem : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/31 10:04:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/13 00:05:25 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 12:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 09:30:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\ARCHIVES MASTER
[2011/06/11 14:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\1-abc
[2011/06/11 14:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\1-abc
[2011/06/11 14:16:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/06/05 12:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 19:05:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/06/24 18:59:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/24 18:56:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/24 18:26:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/24 18:25:38 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1767777339-839522115-1004.job
[2011/06/24 18:25:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1767777339-839522115-1004.job
[2011/06/24 18:04:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/24 18:04:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/24 18:03:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/24 18:03:25 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1767777339-839522115-500.job
[2011/06/24 18:03:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/24 17:50:43 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/23 18:53:41 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/23 18:53:41 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/23 06:49:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1767777339-839522115-500.job
[2011/06/22 14:36:46 | 000,323,317 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Ryobi Belt Sander.pdf
[2011/06/18 17:35:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\PersonalFolder to End Jul 08.pst
[2011/06/18 17:35:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Personal Contacts from old computer-1.pst
[2011/06/18 17:35:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Personal Contacts from old computer.pst
[2011/06/18 17:35:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Overflow at 15Oct08.pst
[2011/06/18 17:35:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GlobalSpec to 17May09.pst
[2011/06/18 17:35:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CR4to20OCT08.pst
[2011/06/18 17:35:29 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Contacts from old computer.pst
[2011/06/18 17:35:08 | 000,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 17:35:08 | 000,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/18 13:11:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 17:10:36 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/12 18:28:13 | 000,682,568 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Uni Super Division 2028.pdf
[2011/06/11 14:38:39 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Surf Trail Washer.lnk
[2011/06/05 12:24:17 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/23 23:14:45 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1767777339-839522115-1004.job
[2011/06/22 14:33:28 | 000,323,317 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Ryobi Belt Sander.pdf
[2011/06/12 18:28:13 | 000,682,568 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Uni Super Division 2028.pdf
[2011/06/11 14:38:39 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Surf Trail Washer.lnk
[2011/06/08 17:04:56 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/05 12:24:17 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/06/01 10:25:23 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/06/01 10:25:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/12/26 19:09:27 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/26 19:09:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/26 19:09:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/26 19:09:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/26 19:09:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/28 18:30:47 | 000,000,915 | ---- | C] () -- C:\WINDOWS\MHPB.ini
[2009/04/23 11:04:58 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/10/25 10:54:06 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2008/10/11 16:46:02 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/10/11 16:45:59 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\lsass.exe
[2008/10/11 16:45:41 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\svchost.exe
[2008/10/11 16:45:37 | 000,506,368 | ---- | C] () -- C:\WINDOWS\System32\winlogon.exe
[2008/09/20 15:34:13 | 000,000,329 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/09/20 15:34:13 | 000,000,048 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/09/20 15:34:11 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2008/09/20 15:34:10 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2008/09/20 15:34:10 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2008/09/20 15:34:09 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2008/09/20 15:34:09 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2008/09/20 15:34:08 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2008/09/20 15:34:08 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2008/09/20 15:34:02 | 000,003,915 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2008/09/20 15:33:52 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2008/09/20 15:33:52 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2008/09/20 15:33:48 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2008/09/20 15:33:47 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2008/09/15 06:12:09 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/30 15:49:33 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2008/04/27 13:50:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Eurofighter Typhoon Zoom 2008.ini
[2008/04/26 21:49:30 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2007/05/17 20:59:48 | 000,001,860 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/13 17:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/09 22:08:30 | 000,089,430 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/12/09 22:08:30 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/12/09 22:08:30 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/12/09 22:08:30 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/12/09 22:08:30 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/12/09 22:08:30 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/12/09 22:08:30 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/12/09 22:08:30 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/12/09 22:08:30 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/12/09 22:08:30 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/12/09 22:08:30 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/12/09 22:08:30 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/12/09 22:08:30 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/12/09 22:08:30 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/12/09 22:08:30 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/12/09 22:08:30 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/12/09 22:08:30 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/09 22:06:41 | 000,000,041 | ---- | C] () -- C:\WINDOWS\CDE CX4700EC.ini
[2006/07/11 06:18:28 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/06/11 11:07:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/06/09 20:20:50 | 000,000,939 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/20 19:50:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 18:21:52 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/05/03 18:21:51 | 000,000,129 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/04/19 18:45:19 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2006/03/05 11:34:10 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/04 09:03:33 | 000,000,378 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2006/01/21 19:32:53 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\astrolib32.dll
[2006/01/14 12:06:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/03 09:20:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/01/03 09:20:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/01/03 09:19:35 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2006/01/03 09:13:18 | 000,106,346 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2006/01/03 09:13:11 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis760.bin
[2006/01/03 09:13:11 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis741.bin
[2006/01/03 09:13:11 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis660.bin
[2006/01/03 09:13:06 | 000,102,538 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006/01/03 09:11:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2005/12/31 17:16:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/31 17:15:05 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/31 10:06:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/31 10:02:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/02 12:26:49 | 000,000,042 | ---- | C] () -- C:\WINDOWS\dedir.dat
[2004/08/04 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 22:00:00 | 000,314,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 22:00:00 | 000,041,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 22:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/04/13 10:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/01/28 19:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
[2007/04/21 12:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iConnect
[2011/03/09 17:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jPbIaEn01814
[2006/01/19 20:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/04/22 16:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPEN Networks
[2008/06/26 19:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/04/07 20:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/24 18:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/09 22:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/03/10 17:38:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
[2010/01/07 15:32:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Application Data\.#
[2010/02/04 02:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ArcticLine
[2006/12/02 10:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2008/08/30 15:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dealio
[2009/10/21 17:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Desktopicon
[2006/12/27 19:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EPSON
[2009/12/31 08:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iMapBuilder
[2007/12/11 20:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2007/09/09 16:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2006/04/05 20:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\STOPzilla!
[2011/06/24 18:04:16 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/24 19:05:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/06/24 18:26:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello ajb_edl and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    [2011/03/09 17:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jPbIaEn01814
    [2010/01/07 15:32:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Application Data\.#


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion to all infection AVP finds
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
  • AVPTool log
It would be helpful if you could post each log in separate post
  • 0

#3
ajb_edl

ajb_edl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi! Thanks for the reply. First Log is below:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
Folder C:\Documents and Settings\All Users\Application Data\jPbIaEn01814\ not found.
C:\Documents and Settings\User\Application Data\.# folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.24.1 log created on 06282011_203932
  • 0

#4
ajb_edl

ajb_edl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
MBAM log below. Two trojans (Agent and Dropper) removed.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6966

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28/06/2011 9:42:21 PM
mbam-log-2011-06-28 (21-42-21).txt

Scan type: Quick scan
Objects scanned: 169874
Time elapsed: 22 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\User\local settings\Temp\fsupzchn.com.part (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp00000010d038a841bfa13a36 (Trojan.Dropper) -> Quarantined and deleted successfully.
  • 0

#5
ajb_edl

ajb_edl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi,

I've got Kaspersky going but it's taking an age to scan. It's already removed a number of threats. I'll post the log/results when it's done!
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ajb_edl,

It's OK. Let it clean your system for us :). Test your system after the scan and post your results.
  • 0

#7
ajb_edl

ajb_edl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
:) :unsure:

Wow, the computer is having some SERIOUS difficulties! (I'm posting from another set-up right now).

I ran the Kaspersky program, and, when prompted, removed/disinfected malware files. The scan was up to only about 7% completed when the computer rebooted. However, the computer didn't start up as normal - when the Windows start up image appeared on the screen, it rebooted again! And then it rebooted again, again and again, going in rebooting cycles!

I tried to start the computer in Safe Mode (F8), Safe Mode with Networking, and in the Last Known Good Configuration, but none of these attempts would allow the computer to start up!

Any suggestions?
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Sometimes malware does this... We will try to repair it. By the way, do you have Windows XP installation disk. Maybe we will need it to repair your system.

For next two steps we will need your clean PC and blank CD.

Please print these instruction out so that you know what you are doing

Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy

Step 1

After you boot OTLPE CD:

  • Go to My Computer
  • Right click on C: disk and clik on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Wait until it finish and try to start your system as usual

Step 2

If first step fails then start OTLPE CD again and then

  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\\OTL.txt file in your reply.

  • 0

#9
ajb_edl

ajb_edl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi!

I've managed to set the process going using the OTLPE program running of a CD. Will let you know how it goes!
  • 0

#10
ajb_edl

ajb_edl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Unforunately the OTLPE fix didn't work! I still can't boot up from the hard drive - I'm still getting the rebooting cycles.

OTL Log is below!

OTL logfile created on: 6/30/2011 11:08:52 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

991.00 Mb Total Physical Memory | 789.00 Mb Available Physical Memory | 80.00% Memory free
883.00 Mb Paging File | 824.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 166.12 Gb Free Space | 71.33% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/05/28 19:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\MBAM\mbamservice.exe -- (MBAMService)
SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/18 15:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/14 23:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/05/14 10:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.ScreenshotReader.9.0)
SRV - [2006/11/03 05:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/29 19:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/01/27 13:16:57 | 000,856,064 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/01/27 13:16:57 | 000,856,064 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (szkg)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (PCASp50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/05/28 19:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/28 19:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/09 03:47:47 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/03/09 03:47:46 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/09 22:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/15 23:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/12/07 02:12:36 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2009/10/21 23:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\71856112.sys -- (71856112)
DRV - [2009/10/09 09:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\7185611.sys -- (setup_9.0.0.722_28.06.2011_15-10drv)
DRV - [2009/09/25 03:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\WINDOWS\system32\drivers\71856111.sys -- (71856111)
DRV - [2008/07/19 03:16:46 | 000,056,832 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/07/19 03:16:35 | 000,074,240 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/10/04 03:10:52 | 000,041,288 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2005/03/17 04:51:16 | 001,033,600 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 04:50:36 | 000,221,440 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 04:50:32 | 000,705,280 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/24 02:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/27 13:07:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/01/27 05:08:08 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/01/27 05:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/01/27 05:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/08/05 03:58:14 | 000,220,672 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/05 03:57:56 | 000,012,416 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/05/10 07:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2003/11/07 05:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 05:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/10/09 00:46:00 | 000,044,544 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiSRaid.sys -- (SiSRaid)
DRV - [2003/07/17 21:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/03/25 05:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)
DRV - [2002/10/17 03:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 05:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 11:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\Administrator_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iinet.net.au/
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://starter.metacafe.com
IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/26 06:01:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 18:22:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 18:22:00 | 000,000,000 | ---D | M]

[2009/10/11 17:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/10/11 17:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xile6xdr.default\extensions
[2011/05/10 17:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/08 07:49:38 | 000,000,000 | ---D | M] (OneStep Search) -- C:\Program Files\Mozilla Firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
[2010/07/26 03:54:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/08/30 01:54:44 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/11/26 06:01:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/07/26 03:54:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/10 18:21:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/26 03:54:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2011/05/10 18:21:52 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/10 18:21:52 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/10 18:21:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/10 18:21:52 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/10 18:21:52 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/04/07 06:01:35 | 000,005,465 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost #***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 dedmazai.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 faccesborrate.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 flavinha.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 fullbizzone.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 granjerascachondas.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 heretofind.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 localhost # ***Inserted By STOPzilla***
O1 - Hosts: 68 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DealioBHO Class) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O3 - HKU\User_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\User_ON_C\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4700 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4700 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\MBAM\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\User_ON_C..\Run: [ABBYY Screenshot Reader Retail] C:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe (ABBYY)
O4 - HKU\User_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\User_ON_C..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Centre.lnk = C:\Program Files\iiNet\iConnect\launcher.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2011_15-10.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O9 - Extra 'Tools' menuitem : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll (Vendio Services, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/30 20:04:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 08:12:24 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\7185611.sys
[2011/06/28 08:12:24 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\71856111.sys
[2011/06/28 08:12:24 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\71856112.sys
[2011/06/28 08:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Virus Removal Tool
[2011/06/28 07:45:58 | 100,372,480 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\setup_9.0.0.722_28.06.2011_15-10.exe
[2011/06/28 07:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MBAM
[2011/06/28 07:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\MBAM
[2011/06/28 07:02:40 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/28 06:39:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/12 19:30:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\ARCHIVES MASTER
[2011/06/11 00:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\1-abc
[2011/06/11 00:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\1-abc
[2011/06/11 00:16:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/06/07 16:11:35 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/04 22:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 08:02:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/29 04:05:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/06/29 03:59:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/29 03:06:39 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1767777339-839522115-1004.job
[2011/06/29 03:06:39 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1767777339-839522115-1004.job
[2011/06/29 02:59:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 12:14:24 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/28 09:29:47 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Personal Contacts from old computer-1.pst
[2011/06/28 09:29:47 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Personal Contacts from old computer.pst
[2011/06/28 09:29:47 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GlobalSpec to 17May09.pst
[2011/06/28 09:29:47 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Contacts from old computer.pst
[2011/06/28 09:29:46 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\PersonalFolder to End Jul 08.pst
[2011/06/28 09:29:46 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Overflow at 15Oct08.pst
[2011/06/28 09:29:45 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CR4to20OCT08.pst
[2011/06/28 08:15:28 | 000,002,211 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2011_15-10.lnk
[2011/06/28 08:08:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 08:06:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/28 08:06:29 | 000,000,020 | ---- | M] () -- C:\sccfg.sys
[2011/06/28 08:06:20 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1767777339-839522115-500.job
[2011/06/28 08:00:11 | 100,372,480 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\setup_9.0.0.722_28.06.2011_15-10.exe
[2011/06/28 07:06:41 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/28 07:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\MBAM
[2011/06/28 07:03:41 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/28 03:15:06 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/24 23:11:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 18:55:53 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/24 04:56:26 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/06/23 04:53:41 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/23 04:53:41 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/22 16:49:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1767777339-839522115-500.job
[2011/06/22 00:36:46 | 000,323,317 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Ryobi Belt Sander.pdf
[2011/06/18 16:31:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/18 03:35:08 | 000,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 03:35:08 | 000,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/12 04:28:13 | 000,682,568 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Uni Super Division 2028.pdf
[2011/06/11 00:38:39 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Surf Trail Washer.lnk
[2011/06/04 22:24:17 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/04 22:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/28 08:15:28 | 000,002,211 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2011_15-10.lnk
[2011/06/28 07:06:41 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/27 16:52:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1767777339-839522115-1004.job
[2011/06/22 00:33:28 | 000,323,317 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Ryobi Belt Sander.pdf
[2011/06/12 04:28:13 | 000,682,568 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Uni Super Division 2028.pdf
[2011/06/11 00:38:39 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Surf Trail Washer.lnk
[2011/06/08 03:04:56 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/04 22:24:17 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/31 20:25:23 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/31 20:25:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/12/26 05:09:27 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/26 05:09:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/26 05:09:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/26 05:09:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/26 05:09:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/28 04:30:47 | 000,000,915 | ---- | C] () -- C:\WINDOWS\MHPB.ini
[2009/04/22 21:04:58 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/10/24 20:54:06 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2008/10/11 02:46:02 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/09/20 01:34:13 | 000,000,329 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/09/20 01:34:13 | 000,000,048 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/09/20 01:34:11 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2008/09/20 01:34:10 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2008/09/20 01:34:10 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2008/09/20 01:34:09 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2008/09/20 01:34:09 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2008/09/20 01:34:08 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2008/09/20 01:34:08 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2008/09/20 01:34:02 | 000,003,915 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2008/09/20 01:33:52 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2008/09/20 01:33:52 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2008/09/20 01:33:48 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2008/09/20 01:33:47 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2008/09/14 16:12:09 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/30 01:49:33 | 000,000,103 | ---- | C] () -- C:\WINDOWS\acezflowers.ini
[2008/08/30 01:08:56 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\User\PnIC.dll
[2008/08/30 01:08:56 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\User\gm_dll1.dll
[2008/04/26 23:50:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Eurofighter Typhoon Zoom 2008.ini
[2008/04/26 07:49:30 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2007/05/17 06:59:48 | 000,001,860 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/13 03:37:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/09 08:08:30 | 000,089,430 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/12/09 08:08:30 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/12/09 08:08:30 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/12/09 08:08:30 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/12/09 08:08:30 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/12/09 08:08:30 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/12/09 08:08:30 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/12/09 08:08:30 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2006/12/09 08:08:30 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/12/09 08:08:30 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/12/09 08:08:30 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/12/09 08:08:30 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/12/09 08:08:30 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/12/09 08:08:30 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2006/12/09 08:08:30 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2006/12/09 08:08:30 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/12/09 08:08:30 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/09 08:06:41 | 000,000,041 | ---- | C] () -- C:\WINDOWS\CDE CX4700EC.ini
[2006/07/10 16:18:28 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/06/10 21:07:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/06/09 06:20:50 | 000,000,939 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/20 05:50:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/03 04:21:52 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/05/03 04:21:51 | 000,000,129 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/04/19 04:45:19 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2006/03/04 21:34:10 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/03 19:03:33 | 000,000,378 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2006/01/21 05:32:53 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\astrolib32.dll
[2006/01/13 22:06:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/02 19:20:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/01/02 19:20:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/01/02 19:19:35 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2006/01/02 19:13:18 | 000,106,346 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2006/01/02 19:13:11 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis760.bin
[2006/01/02 19:13:11 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis741.bin
[2006/01/02 19:13:11 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis660.bin
[2006/01/02 19:13:06 | 000,102,538 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006/01/02 19:11:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2005/12/31 03:16:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/31 03:15:05 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/30 20:06:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/30 20:02:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/01 22:26:49 | 000,000,042 | ---- | C] () -- C:\WINDOWS\dedir.dat
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,314,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,041,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/02/03 12:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ArcticLine
[2006/12/01 20:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2008/08/30 01:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dealio
[2009/10/21 03:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Desktopicon
[2006/12/27 05:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EPSON
[2009/12/30 18:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\iMapBuilder
[2007/12/11 06:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2007/09/09 02:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2006/04/05 06:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\STOPzilla!
[2008/04/12 20:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/01/28 05:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
[2007/04/20 22:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iConnect
[2011/06/28 08:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jPbIaEn01814
[2006/01/19 06:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/04/22 02:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPEN Networks
[2008/06/26 05:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/04/07 06:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/29 04:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/09 08:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/03/10 03:38:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
[2011/06/28 08:06:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/29 04:05:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/06/28 12:14:24 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

Advertisements


#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ajb_edl,

Do you have Windows XP installation disk? Start OTLPE as you did previously from CD

Step 1

  • Start OTLPE and in the custom scans box copy this command

    SAVEMBR:0
  • Run the quick scan
When it has finished there will be a file on your root C drive called PhysicalMBR.bin could you zip that file and attach to your next post please

Step 2

  • From OTLPE Desktop start MBRFix by double click
  • Please enter this command in Command Prompt
    mbrfix /drive 0 fixmbr /yes
  • press Enter and if all goes fine you wont see any error messages.

Restart your system now and see if you can boot it now.
  • 0

#12
ajb_edl

ajb_edl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi,

Yes I do have the Windows start-up disc - should I do as per the instructions below or should I attempt to start from the Windows disc?
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good to know. Do my steps first. Maybe we'll need Windows XP installation disk later
  • 0

#14
ajb_edl

ajb_edl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi,

I ran the two programs in your last post, but neither of them allowed the computer to boot normally. I also wasn't able to zip and post the file you requested, and I was prevented from uploading the file in it's current state to GTG (but I'll work on this later).

I won't be near the computer for the next two days, so please don't close the topic! Thanks for your help so far.
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ajb_edl,

OK. I'll do some research and post my response tomorrow. Stay tunned.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP