Compaq Connections.exe.vir



#1
timbotheking

    Member

  • 33 posts
Hi,

I have recently been having many issues with the internet capability of my computer. Every time my computer starts up, the Norton Firewall pops up, indicating that "Compaq connections.exe.vir" is trying to run on my computer. I'm not sure what this is. In addition to that, every time I use Internet Explorer, the "Internet Explorer has encountered a problem and needs to close" dialog box appears. If I click on either "send error report" or "don't send", it automatically closes out my browser. However, if I leave it up on the screen, I can continue browsing.
Another issue I was having was that multiple tabs were opening up each time I began a new browsing session through Internet Explorer. They would go to different types of advertising sites. This issue has subsided for the moment, but I thought it was worth mentioning.
The final issue I've been having is my wireless network capability. I don't know if it has anything to do with a virus or malware, but I can only access the internet when hooked up through my Motorola surfboard modem. If I try to run it through my wireless router, I cannot access the internet. I read somewhere this may be due to a virus infecting the computer.
Below is the OTL log:
Thank you for your assistance,

OTL logfile created on: 7/8/2011 8:41:36 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.32 Gb Available Physical Memory | 26.70% Memory free
2.84 Gb Paging File | 2.24 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.61 Gb Total Space | 23.64 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
Drive D: | 3.27 Gb Total Space | 0.33 Gb Free Space | 10.17% Space Free | Partition Type: FAT32

Computer Name: HESTER | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 20:40:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/06/13 02:03:06 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/08 04:32:28 | 003,293,536 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Compaq_Owner\Local Settings\temp\miaB7.tmp\bm_installer.exe
PRC - [2011/03/22 14:57:22 | 000,027,648 | ---- | M] (CouponAlert) -- C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
PRC - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2007/03/28 19:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/01/09 18:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/09 18:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2006/07/13 13:27:16 | 000,528,384 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/10/19 13:54:46 | 000,202,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\NAVW32.EXE
PRC - [2005/10/19 13:54:14 | 000,177,264 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2005/02/28 17:56:32 | 000,218,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
PRC - [2004/07/21 19:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2011/07/08 20:40:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2011/03/22 14:57:22 | 000,031,744 | ---- | M] (CouponAlert) -- C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrstub.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/13 02:03:06 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/22 14:57:22 | 000,036,864 | ---- | M] (CouponAlert) [Auto | Stopped] -- C:\Program Files\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
SRV - [2010/03/04 15:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/28 19:41:56 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/09 18:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 18:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 18:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/07/13 13:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/10/19 13:54:52 | 000,046,704 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2005/10/19 13:54:14 | 000,177,264 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/03/07 15:59:36 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/02/28 17:56:32 | 000,218,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/21 19:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/09/15 14:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20101230.002\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/06/15 02:02:47 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/26 10:05:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/26 10:05:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/26 10:05:52 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/25 05:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090225.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/02/25 05:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090225.021\NAVENG.SYS -- (NAVENG)
DRV - [2007/06/15 03:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/03/28 19:41:26 | 000,266,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 19:41:24 | 000,018,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/03/28 19:41:20 | 000,037,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/03/28 19:41:18 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/03/28 19:41:14 | 000,171,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/03/28 19:41:12 | 000,011,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/09/15 23:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/14 01:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/03/07 15:59:50 | 000,050,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - [2005/03/07 15:59:44 | 000,338,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - [2005/01/10 11:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 11:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/01 20:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/30 01:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 13:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/07/21 19:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/29 20:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 01:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {19A0F032-27D7-4227-BBB5-51AA9E5904F5} - C:\Program Files\Dogpile Toolbar\Helper.dll ()
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (CouponAlert)
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2p\bar\1.bin\NP2pStub.dll (CouponAlert)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\5.bin\NPFunWeb.dll (Fun Web Products, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files\CouponAlert_2p\bar\1.bin [2011/03/22 14:57:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/06 13:41:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Meep\FF\ [2010/09/04 13:48:57 | 000,000,000 | ---D | M]

[2010/06/16 10:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2010/01/17 02:44:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Freecause Toolbar BHO) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (CouponAlert)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pbar.dll (CouponAlert)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.7\MeepBar.dll ()
O4 - HKLM..\Run: [4shared Update] C:\Program Files\4shared Desktop\checkUpdate.exe (New IT Solutions)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe (CouponAlert)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Samsung Common SM] C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [4shared Desktop] C:\Program Files\4shared Desktop\desktop.exe (New IT Solutions)
O4 - HKCU..\Run: [MeepSearchAssist] C:\Program Files\Meep\JixeySearchHelper\JixeySearchHelper.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe.vir (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm ()
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1230580444468 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/26 21:00:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 20:40:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/07/08 19:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\PackageAware
[2011/07/07 18:52:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/07 18:49:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/07/07 18:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/07/07 18:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/07/07 18:47:57 | 000,000,000 | ---D | C] -- C:\17a2adeab0eea6167f307d0e1d0e4c35
[2011/07/05 20:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Motive
[2011/07/05 20:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/07/04 11:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/07/04 11:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/07/13 13:38:18 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2006/07/13 13:37:04 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2006/07/13 13:32:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll
[2006/07/13 13:32:10 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcfg.exe
[2006/07/13 13:30:28 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctih.exe
[2006/07/13 13:30:18 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2006/07/13 13:28:08 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2006/07/13 13:27:24 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2006/07/13 13:27:16 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcoms.exe
[2006/07/13 13:26:42 | 000,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2006/07/13 13:26:12 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2006/07/13 13:19:32 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2006/07/13 13:16:42 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2006/07/13 13:15:54 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2002/04/11 02:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 20:40:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/07/08 20:33:02 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3099956112-2596822647-424640563-1008UA.job
[2011/07/08 20:18:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 20:00:00 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
[2011/07/08 19:56:09 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/08 19:55:35 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1008.job
[2011/07/08 19:55:35 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1008.job
[2011/07/08 11:33:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3099956112-2596822647-424640563-1008Core.job
[2011/07/08 11:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 21:13:11 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1010.job
[2011/07/07 21:13:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1011.job
[2011/07/07 21:13:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/07 21:12:59 | 1274,597,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/07 19:11:46 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/07 18:53:51 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/07 18:53:51 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/05 12:00:44 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1010.job
[2011/07/04 22:24:37 | 000,001,209 | ---- | M] () -- C:\WINDOWS\checkip.dat
[2011/07/04 13:29:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1011.job
[2011/07/04 02:03:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/02 21:37:22 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/02 21:37:21 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Google Chrome.lnk
[2011/07/02 21:09:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 12:14:27 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/21 16:18:42 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/16 03:08:49 | 000,000,173 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/06/16 03:04:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 11:39:25 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1010.job
[2011/07/05 11:39:21 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1010.job
[2011/07/04 22:12:07 | 000,001,209 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2011/07/04 13:22:52 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1011.job
[2011/07/04 13:22:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1011.job
[2011/07/04 11:13:44 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 11:13:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 16:00:28 | 1274,597,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/06 13:59:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2011/06/06 13:59:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2011/06/06 13:58:07 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2011/06/06 13:57:26 | 000,335,872 | R--- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2011/03/12 09:46:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2011/03/06 14:42:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/06/26 17:50:32 | 000,057,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/11 03:05:13 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/09 18:42:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/15 02:40:38 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/05 08:53:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/10 21:46:47 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\BuGHkSmUat.gif
[2009/05/10 21:46:47 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\BuGHkSmUzn.gif
[2009/05/10 21:46:47 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\BuGHkSmUby.gif
[2009/01/15 19:42:36 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2008/12/29 15:46:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/22 10:16:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2008/12/21 22:37:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/12/21 22:37:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/12/21 22:33:46 | 000,034,699 | ---- | C] () -- C:\WINDOWS\System32\hlp.dat
[2008/12/21 22:33:40 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/12/21 22:33:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/12/21 22:33:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/12/21 22:33:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/12/21 22:33:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/12/21 22:32:30 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/12/21 22:32:30 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/12/21 22:32:30 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/12/21 22:32:30 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/12/21 22:32:30 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/12/21 22:32:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/12/21 22:31:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/23 18:11:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2006/06/20 09:40:14 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2006/05/18 07:01:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2006/05/03 10:31:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2005/06/23 22:37:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2005/05/03 12:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/10/27 17:57:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 22:46:37 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/26 22:45:58 | 000,013,949 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 22:45:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 22:19:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 22:02:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/26 22:02:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/26 22:02:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/26 21:33:02 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 21:33:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 21:32:36 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 21:04:20 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 21:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/26 20:57:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/26 20:44:44 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 20:44:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 20:44:01 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/26 20:44:01 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/26 13:51:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/26 13:50:42 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/02 11:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/06 13:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2011/07/05 20:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/11/30 11:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/15 02:00:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/20 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/12 16:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\4shared Desktop
[2011/06/06 14:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\5400 Series
[2010/09/03 14:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CBBA4F5CAC49E43D0DE707F15B35AD0A
[2009/06/24 00:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/05 08:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2011/07/02 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PriceGong
[2004/10/26 23:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2009/11/30 10:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox
[2009/01/15 19:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2010/09/19 22:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Unity
[2011/07/04 02:03:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >

OTL extras log:

OTL Extras logfile created on: 7/8/2011 8:41:36 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.32 Gb Available Physical Memory | 26.70% Memory free
2.84 Gb Paging File | 2.24 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.61 Gb Total Space | 23.64 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
Drive D: | 3.27 Gb Total Space | 0.33 Gb Free Space | 10.17% Space Free | Partition Type: FAT32

Computer Name: HESTER | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Dogpile Toolbar\TroubleShooter.exe" = C:\Program Files\Dogpile Toolbar\TroubleShooter.exe:*:Enabled:Dogpile Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files\Dogpile Toolbar\ToolbarUpdate.exe" = C:\Program Files\Dogpile Toolbar\ToolbarUpdate.exe:*:Enabled:Dogpile Toolbar (Update) -- (FreeCause Inc.)
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}" = Norton Internet Security
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A398F2DC-D706-4bb2-AC38-5532CD229D08}" = CC_ccProxyMSI
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"4shared Desktop" = 4shared Desktop
"4shared.com Toolbar" = 4shared.com Toolbar
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"BackWeb-6750491 Uninstaller" = Compaq Connections
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"conduitEngine" = Conduit Engine
"CouponAlert_2pbar Uninstall" = Coupon Alert
"CSCLIB" = Canon Camera Support Core Library
"Dogpile Toolbar" = Dogpile Toolbar
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InterActual Player" = InterActual Player
"JixeySearchHelper" = Jixey Search Helper
"Lexmark 5400 Series" = Lexmark 5400 Series
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Meep" = Meep Media Downloader
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Playsushi" = Playsushi
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"S3" = VIA/S3G Display Driver
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SymSetup.{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall (Symantec Corporation)
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wizards of Waverly Place The Movie" = Wizards of Waverly Place The Movie Screen Saver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"PowerTeacher Gradebook" = PowerTeacher Gradebook
"Smilebox" = Smilebox
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/8/2011 2:18:15 PM | Computer Name = HESTER | Source = Google Update | ID = 20
Description =

Error - 7/8/2011 3:18:14 PM | Computer Name = HESTER | Source = Google Update | ID = 20
Description =

Error - 7/8/2011 4:18:14 PM | Computer Name = HESTER | Source = Google Update | ID = 20
Description =

Error - 7/8/2011 5:18:15 PM | Computer Name = HESTER | Source = Google Update | ID = 20
Description =

Error - 7/8/2011 6:18:14 PM | Computer Name = HESTER | Source = Google Update | ID = 20
Description =

Error - 7/8/2011 6:23:50 PM | Computer Name = HESTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015164a.

Error - 7/8/2011 7:18:14 PM | Computer Name = HESTER | Source = Google Update | ID = 20
Description =

Error - 7/8/2011 7:18:50 PM | Computer Name = HESTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015164a.

Error - 7/8/2011 8:07:04 PM | Computer Name = HESTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0015164a.

Error - 7/8/2011 8:18:17 PM | Computer Name = HESTER | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 7/6/2011 11:25:47 AM | Computer Name = HESTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 0011D813A762 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/6/2011 11:27:10 AM | Computer Name = HESTER | Source = Dhcp | ID = 1002
Description = The IP address lease 65.27.179.206 for the Network Card with network
address 0011D813A762 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/6/2011 11:31:15 AM | Computer Name = HESTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.2 for the Network Card with network
address 0011D813A762 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/7/2011 7:12:15 PM | Computer Name = HESTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/7/2011 7:12:15 PM | Computer Name = HESTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/7/2011 8:39:56 PM | Computer Name = HESTER | Source = Dhcp | ID = 1002
Description = The IP address lease 65.27.179.206 for the Network Card with network
address 0011D813A762 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/7/2011 8:44:30 PM | Computer Name = HESTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/7/2011 8:44:30 PM | Computer Name = HESTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/7/2011 9:13:27 PM | Computer Name = HESTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/7/2011 9:13:27 PM | Computer Name = HESTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >


#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello timbotheking,

Welcome back to the Malware forum.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {19A0F032-27D7-4227-BBB5-51AA9E5904F5} - C:\Program Files\Dogpile Toolbar\Helper.dll ()
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\5.bin\NPFunWeb.dll (Fun Web Products, Inc.)
    O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
    O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Freecause Toolbar BHO) - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Toolbar) - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll ()
    O4 - HKLM..\Run: [4shared Update] C:\Program Files\4shared Desktop\checkUpdate.exe (New IT Solutions)
    O4 - HKCU..\Run: [4shared Desktop] C:\Program Files\4shared Desktop\desktop.exe (New IT Solutions)
    O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
    
    :Commands
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After that

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

So when you return please post

  • OTL fix log
  • MBAM log
  • aswMBR log


#3
timbotheking

    Member

  • Topic Starter
  • Member
  • 33 posts
I followed the directions you gave me. However, after running OTL and rebooting the system, no log was produced. Please find below, though, the logs to MBAM and aswMBR:

MBAM:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7200

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/19/2011 10:36:51 AM
mbam-log-2011-07-19 (10-36-51).txt

Scan type: Quick scan
Objects scanned: 218728
Time elapsed: 13 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84576f6e-0660-4b4f-8918-bc6c975044d4} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{60fc9013-4a5a-4306-9695-fce0a6617f22} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CouponAlert_2pService (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{d7ce22af-ccb3-423f-84d5-4d77152181f3} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CouponAlert_2p.ToolbarPlugin.1 (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CouponAlert_2p.ToolbarPlugin (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.FunWeb) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CouponAlert_2p Browser Plugin Loader (Adware.FunWeb) -> Value: CouponAlert_2p Browser Plugin Loader -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\compaq_owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\compaq_owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (PUP.PlaySushi) -> Not selected for removal.

Files Infected:
c:\Program Files\CouponAlert_2p\bar\1.bin\2pbrstub.dll (Adware.FunWeb) -> Delete on reboot.
c:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe (Adware.FunWeb) -> Delete on reboot.
c:\Program Files\CouponAlert_2p\bar\1.bin\2pauxstb.dll (Adware.FunWeb) -> Delete on reboot.
c:\Program Files\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (Adware.FunWeb) -> Delete on reboot.
c:\Program Files\CouponAlert_2p\bar\1.bin\2pdlghk.dll (Adware.FunWeb) -> Delete on reboot.
c:\program files\couponalert_2p\bar\1.bin\2pbarsvc.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\program files\couponalert_2p\bar\1.bin\2pbar.dll (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\5.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\audiosrv32.dll (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\temp\dogpile_sub_installer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\temp\7dhb1yqs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\temp\keql3h4p.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\temp\l7z43use.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\temp\9xzwbufp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\temp\2rnmnmg1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\jessica\local settings\Temp\0.6180637483531817.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\local settings\application data\windows server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\5.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\compaq_owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\compaq_owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\pstextlinks.jar (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\compaq_owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\playsushiff.dll (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\compaq_owner\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\playsushiff.xpt (PUP.PlaySushi) -> Not selected for removal.


aswMBR:

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-19 10:51:01
-----------------------------
10:51:01.343 OS Version: Windows 5.1.2600 Service Pack 3
10:51:01.343 Number of processors: 1 586 0xA00
10:51:01.343 ComputerName: HESTER UserName:
10:51:02.703 Initialize success
10:51:23.265 AVAST engine download error: 0
10:51:50.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort2
10:51:50.281 Disk 0 Vendor: WDC_WD600BB-22JHA0 05.01C05 Size: 57241MB BusType: 3
10:51:50.281 Device \Device\Ide\IdeDeviceP2T0L0-12 -> \??\IDE#DiskWDC_WD600BB-22JHA0______________________05.01C05#4457572d4143394d333237333539203320202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
10:51:50.281 Device \Driver\atapi -> DriverStartIo 8969faea
10:51:52.312 Disk 0 MBR read successfully
10:51:52.312 Disk 0 MBR scan
10:51:52.312 Disk 0 unknown MBR code
10:51:54.312 Disk 0 scanning sectors +117210240
10:51:54.390 Disk 0 scanning C:\WINDOWS\system32\drivers
10:52:10.046 File: C:\WINDOWS\system32\drivers\viaide.sys TDL3 **ROOTKIT**
10:52:10.953 Service scanning
10:52:13.296 Disk 0 trace - called modules:
10:52:13.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8969fd01]<<
10:52:13.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89774ab8]
10:52:13.812 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x897d19e8]
10:52:13.812 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> [0x89775d98]
10:52:13.828 [0x8965bf38] -> IRP_MJ_CREATE -> 0x8969fd01
10:52:13.828 Scan finished successfully
10:52:36.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
10:52:36.265 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"


Thank you for your assistance!

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello timbotheking,

However, after running OTL and rebooting the system, no log was produced.


Should have been on your desktop or wherever you downloaded OTL to.

In any event a copy of an OTL fix log is saved in a text file at

:\_OTL\Moved Files
in most cases this will be C:\_OTL\Moved Files

Right-click on Start > Explore and navigate to C:\_OTL\Moved Files. Locate the text file and copy and paste the contents back here.

Next

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


When you return please post

  • OTL fix log... assuming you have found it
  • TDSSKiller log


#5
timbotheking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
emeraldnzl,

Please find below the OTL and TDSSKiller logs. Thanks.

OTL logs:

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ deleted successfully.
C:\Program Files\4shared.com\prxtb4sh2.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{19A0F032-27D7-4227-BBB5-51AA9E5904F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19A0F032-27D7-4227-BBB5-51AA9E5904F5}\ deleted successfully.
C:\Program Files\Dogpile Toolbar\Helper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ deleted successfully.
C:\Program Files\FunWebProducts\Installr\5.bin\NPFunWeb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found.
File C:\Program Files\4shared.com\prxtb4sh2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\ deleted successfully.
C:\Program Files\PlaySushi\PSText.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ deleted successfully.
C:\Program Files\Dogpile Toolbar\Toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found.
File C:\Program Files\4shared.com\prxtb4sh2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C53FE659-316A-4F56-A194-A5BE491BE866} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53FE659-316A-4F56-A194-A5BE491BE866}\ deleted successfully.
File C:\Program Files\Dogpile Toolbar\Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}\ not found.
File C:\Program Files\4shared.com\prxtb4sh2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C53FE659-316A-4F56-A194-A5BE491BE866} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53FE659-316A-4F56-A194-A5BE491BE866}\ not found.
File C:\Program Files\Dogpile Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4shared Update deleted successfully.
C:\Program Files\4shared Desktop\checkUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4shared Desktop deleted successfully.
C:\Program Files\4shared Desktop\desktop.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ deleted successfully.
File C:\Program Files\PlaySushi\PSText.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 3844514 bytes

User: Default User
->Flash cache emptied: 56504 bytes

User: jessica
->Flash cache emptied: 64681 bytes

User: Joan
->Flash cache emptied: 56909 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 2717 bytes

User: tim
->Flash cache emptied: 56504 bytes

Total Flash Files Cleaned = 4.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07182011_105706


========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found.
File C:\Program Files\4shared.com\prxtb4sh2.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{19A0F032-27D7-4227-BBB5-51AA9E5904F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19A0F032-27D7-4227-BBB5-51AA9E5904F5}\ not found.
File C:\Program Files\Dogpile Toolbar\Helper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ not found.
File C:\Program Files\FunWebProducts\Installr\5.bin\NPFunWeb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found.
File C:\Program Files\4shared.com\prxtb4sh2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\ not found.
File C:\Program Files\PlaySushi\PSText.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{399C60D2-38B1-4E25-B9E7-6498C1BC2DCD}\ not found.
File C:\Program Files\Dogpile Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found.
File C:\Program Files\4shared.com\prxtb4sh2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C53FE659-316A-4F56-A194-A5BE491BE866} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53FE659-316A-4F56-A194-A5BE491BE866}\ not found.
File C:\Program Files\Dogpile Toolbar\Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}\ not found.
File C:\Program Files\4shared.com\prxtb4sh2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C53FE659-316A-4F56-A194-A5BE491BE866} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53FE659-316A-4F56-A194-A5BE491BE866}\ not found.
File C:\Program Files\Dogpile Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4shared Update not found.
File C:\Program Files\4shared Desktop\checkUpdate.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4shared Desktop not found.
File C:\Program Files\4shared Desktop\desktop.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ not found.
File C:\Program Files\PlaySushi\PSText.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Compaq_Owner
->Flash cache emptied: 560 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: jessica
->Flash cache emptied: 982 bytes

User: Joan
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: tim
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07182011_220544




TDSSKiller log:


2011/07/19 22:18:50.0625 6152 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/19 22:18:52.0625 6152 ================================================================================
2011/07/19 22:18:52.0625 6152 SystemInfo:
2011/07/19 22:18:52.0625 6152
2011/07/19 22:18:52.0625 6152 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/19 22:18:52.0625 6152 Product type: Workstation
2011/07/19 22:18:52.0625 6152 ComputerName: HESTER
2011/07/19 22:18:52.0625 6152 UserName: Compaq_Owner
2011/07/19 22:18:52.0625 6152 Windows directory: C:\WINDOWS
2011/07/19 22:18:52.0625 6152 System windows directory: C:\WINDOWS
2011/07/19 22:18:52.0625 6152 Processor architecture: Intel x86
2011/07/19 22:18:52.0625 6152 Number of processors: 1
2011/07/19 22:18:52.0625 6152 Page size: 0x1000
2011/07/19 22:18:52.0625 6152 Boot type: Normal boot
2011/07/19 22:18:52.0625 6152 ================================================================================
2011/07/19 22:18:54.0125 6152 Initialize success
2011/07/19 22:18:56.0187 6680 ================================================================================
2011/07/19 22:18:56.0187 6680 Scan started
2011/07/19 22:18:56.0187 6680 Mode: Manual;
2011/07/19 22:18:56.0187 6680 ================================================================================
2011/07/19 22:19:13.0937 6680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/19 22:19:14.0140 6680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/19 22:19:14.0296 6680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/19 22:19:14.0437 6680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/19 22:19:14.0703 6680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/19 22:19:14.0921 6680 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/19 22:19:15.0156 6680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/19 22:19:15.0343 6680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/19 22:19:15.0515 6680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/19 22:19:15.0687 6680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/19 22:19:15.0890 6680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/19 22:19:16.0078 6680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/19 22:19:16.0312 6680 NAVENG (494c4ebfee40baaff49492b97abaf18c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090225.021\NAVENG.Sys
2011/07/19 22:19:16.0390 6680 NAVEX15 (f4a95d6d20767a5f1f2b2fed261a1b23) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090225.021\NavEx15.Sys
2011/07/19 22:19:16.0625 6680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/19 22:19:17.0015 6680 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/19 22:19:17.0234 6680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/19 22:19:17.0546 6680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/19 22:19:17.0937 6680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/19 22:19:18.0234 6680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/19 22:19:18.0593 6680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/19 22:19:19.0156 6680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/19 22:19:19.0656 6680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/19 22:19:19.0890 6680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/19 22:19:20.0140 6680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/19 22:19:20.0312 6680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/19 22:19:20.0500 6680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/19 22:19:20.0671 6680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/19 22:19:20.0906 6680 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/07/19 22:19:21.0171 6680 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
2011/07/19 22:19:21.0406 6680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/19 22:19:21.0609 6680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/19 22:19:21.0796 6680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/19 22:19:22.0000 6680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/19 22:19:22.0312 6680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/19 22:19:22.0437 6680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/19 22:19:23.0421 6680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/19 22:19:23.0593 6680 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/19 22:19:23.0796 6680 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/07/19 22:19:24.0031 6680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/19 22:19:24.0203 6680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/19 22:19:24.0296 6680 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/19 22:19:24.0687 6680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/19 22:19:24.0890 6680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/19 22:19:25.0078 6680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/19 22:19:25.0265 6680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/19 22:19:25.0468 6680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/19 22:19:25.0656 6680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/19 22:19:25.0875 6680 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/19 22:19:26.0093 6680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/19 22:19:26.0312 6680 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/07/19 22:19:26.0406 6680 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/19 22:19:26.0453 6680 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/07/19 22:19:26.0500 6680 SASKUTIL (81c02ea5f88ca4125e579384dfd75e3a) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/07/19 22:19:26.0593 6680 SAVRT (3d2eb85b0a130cba0cd08bcdd2b2e485) c:\Program Files\Norton AntiVirus\SAVRT.SYS
2011/07/19 22:19:26.0656 6680 SAVRTPEL (a5d09f85b8717bbf67520b1cc71d641f) c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
2011/07/19 22:19:26.0875 6680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/19 22:19:27.0078 6680 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/19 22:19:27.0281 6680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/19 22:19:27.0484 6680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/19 22:19:27.0765 6680 SiS315 (020467b4ee7f73c304943bf0e3e4d526) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/07/19 22:19:27.0937 6680 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/07/19 22:19:28.0125 6680 SiSkp (02960a9c3f4e5178edbd9c0d2d995b3b) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/07/19 22:19:28.0453 6680 SPBBCDrv (924e82d6dec26f82036e69b8d3f04216) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/07/19 22:19:28.0687 6680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/19 22:19:28.0890 6680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/19 22:19:29.0109 6680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/19 22:19:29.0343 6680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/19 22:19:29.0531 6680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/19 22:19:29.0968 6680 SYMDNS (ee912e097aeece377574a6237aee8bf0) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/07/19 22:19:30.0078 6680 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS
2011/07/19 22:19:30.0281 6680 SYMFW (c8054d5c05251b0878817e72e0a410f9) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/07/19 22:19:30.0468 6680 SYMIDS (e6104e41ea83bae13f305441b171162d) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/07/19 22:19:30.0687 6680 SYMIDSCO (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20101230.002\symidsco.sys
2011/07/19 22:19:30.0890 6680 SYMNDIS (9e46285fdfa4cf9c2db45da570796b55) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/07/19 22:19:31.0093 6680 SYMREDRV (ed5f0c723c496d7fe3a5008377be41a9) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/07/19 22:19:31.0296 6680 SYMTDI (6557f9879548f1d7a9a059e037820408) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/07/19 22:19:31.0750 6680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/19 22:19:31.0984 6680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/19 22:19:32.0218 6680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/19 22:19:32.0406 6680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/19 22:19:32.0609 6680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/19 22:19:32.0906 6680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/19 22:19:33.0250 6680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/19 22:19:33.0484 6680 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/19 22:19:33.0687 6680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/19 22:19:33.0890 6680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/19 22:19:34.0093 6680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/19 22:19:34.0296 6680 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/19 22:19:34.0500 6680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/19 22:19:34.0687 6680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/19 22:19:34.0875 6680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/19 22:19:35.0062 6680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/19 22:19:35.0265 6680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/19 22:19:35.0453 6680 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/07/19 22:19:35.0656 6680 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/07/19 22:19:35.0859 6680 ViaIde (621b6426234efa24a61af25ce42c127f) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/19 22:19:35.0859 6680 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaide.sys. Real md5: 621b6426234efa24a61af25ce42c127f, Fake md5: 3b3efcda263b8ac14fdf9cbdd0791b2e
2011/07/19 22:19:35.0875 6680 ViaIde - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/19 22:19:37.0437 6680 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0
2011/07/19 22:19:37.0468 6680 Boot (0x1200) (0ac114196c8705e5af0d4cf881dd8c0e) \Device\Harddisk0\DR0\Partition0
2011/07/19 22:19:37.0515 6680 Boot (0x1200) (d36bbf03ed1802d1878d648efa6ec23b) \Device\Harddisk0\DR0\Partition1
2011/07/19 22:19:37.0515 6680 ================================================================================
2011/07/19 22:19:37.0515 6680 Scan finished
2011/07/19 22:19:37.0515 6680 ================================================================================
2011/07/19 22:19:37.0562 7432 Detected object count: 1
2011/07/19 22:19:37.0562 7432 Actual detected object count: 1
2011/07/19 22:20:15.0718 7432 ViaIde (621b6426234efa24a61af25ce42c127f) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/19 22:20:15.0718 7432 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaide.sys. Real md5: 621b6426234efa24a61af25ce42c127f, Fake md5: 3b3efcda263b8ac14fdf9cbdd0791b2e
2011/07/19 22:20:18.0203 7432 Backup copy not found, trying to cure infected file..
2011/07/19 22:20:18.0203 7432 Cure success, using it..
2011/07/19 22:20:18.0234 7432 C:\WINDOWS\system32\DRIVERS\viaide.sys - will be cured after reboot
2011/07/19 22:20:18.0234 7432 Rootkit.Win32.TDSS.tdl3(ViaIde) - User select action: Cure
2011/07/19 22:20:45.0156 5780 Deinitialize success


Thanks.

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello timbotheking

Let's see how successful TDSSKiller was.

Double click the aswMBR.exe to run it again.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#7
timbotheking

    Member

  • Topic Starter
  • 33 posts
emeraldnzl,

Please find below the aswMBR log:

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-20 18:42:25
-----------------------------
18:42:25.609 OS Version: Windows 5.1.2600 Service Pack 3
18:42:25.609 Number of processors: 1 586 0xA00
18:42:25.609 ComputerName: HESTER UserName:
18:42:26.437 Initialize success
18:42:34.390 AVAST engine download error: 0
18:42:40.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
18:42:40.328 Disk 0 Vendor: WDC_WD600BB-22JHA0 05.01C05 Size: 57241MB BusType: 3
18:42:40.343 Disk 0 MBR read successfully
18:42:40.359 Disk 0 MBR scan
18:42:40.359 Disk 0 unknown MBR code
18:42:40.359 Disk 0 scanning sectors +117210240
18:42:40.437 Disk 0 scanning C:\WINDOWS\system32\drivers
18:42:53.625 Service scanning
18:42:55.812 Disk 0 trace - called modules:
18:42:55.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys tsk421.tmp PCIIDEX.SYS
18:42:55.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x897d0ab8]
18:42:55.828 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x897cb9e8]
18:42:55.828 5 ACPI.sys[ba04a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x89726d98]
18:42:56.328 Scan finished successfully
18:43:08.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
18:43:08.062 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi timbotheking,

Looking much better.

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If your anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.


#9
timbotheking

    Member

  • Topic Starter
  • 33 posts
emeraldnzl,

I completed the ESET scan and below is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
OnlineCmdLineScanner.exe@High:Finished. 3.0.2
lost connection with client# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b94de1a72f1a8d478f419c761c83fbb0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 03:23:58
# local_time=2011-07-20 11:23:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 16764889 100 90 64140962 735506343 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=138540
# found=39
# cleaned=36
# scan_time=7503
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\PlaySushiFF.dll probably a variant of Win32/Adware.Gamevance.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\17\7560f91-5c28e625 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-13e5a1ac probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\23\966ced7-409a9792 a variant of Win32/Kryptik.MUW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6fc52fe9 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\5\43458f85-469ce15b a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-10136e16 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\56\21bbb478-3087f448 probably a variant of Win32/Agent.RPSVWU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\fa8f07a-769a86a2 probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jar_cache2866387004567501222.tmp a variant of Java/TrojanDownloader.OpenStream.NBU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jar_cache3596099810039088240.tmp a variant of Java/Exploit.Agent.NAL trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jar_cache716784406843315256.tmp multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\miaB7.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\8QA9JX3V\C0[1].php a variant of Java/TrojanDownloader.OpenStream.NAZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\F0D8AKUC\C0[1].php a variant of Java/TrojanDownloader.OpenStream.NAZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\HRAT2AX7\C0[1].php a variant of Java/TrojanDownloader.OpenStream.NAZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CouponAlert_2p\bar\1.bin\2pdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CouponAlert_2p\bar\1.bin\2phtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CouponAlert_2p\bar\1.bin\2phtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CouponAlert_2p\bar\1.bin\2pPlugin.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CouponAlert_2p\bar\1.bin\2pskin.dll a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3FE4697-A95B-4476-A0D8-DD1DBA8414B7}\RP302\A0036565.dll probably a variant of Win32/Adware.Gamevance.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3FE4697-A95B-4476-A0D8-DD1DBA8414B7}\RP302\A0036566.dll a variant of Win32/Toolbar.MyWebSearch.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3FE4697-A95B-4476-A0D8-DD1DBA8414B7}\RP302\A0036567.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3FE4697-A95B-4476-A0D8-DD1DBA8414B7}\RP302\A0036568.dll probably a variant of Win32/Toolbar.MyWebSearch.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3FE4697-A95B-4476-A0D8-DD1DBA8414B7}\RP302\A0036569.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3FE4697-A95B-4476-A0D8-DD1DBA8414B7}\RP302\A0036570.dll a variant of Win32/Toolbar.MyWebSearch.P application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\explorer.exe Win32/Bamital.DX trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\hlp.dat Win32/Bamital.DZ trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\winlogon.exe Win32/Bamital.DX trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\07182011_105706\C_Program Files\Dogpile Toolbar\Helper.dll probably a variant of Win32/Agent.ETETDLM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07182011_105706\C_Program Files\FunWebProducts\Installr\5.bin\NPFUNWEB.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} Win32/Bamital.DX trojan 00000000000000000000000000000000 I


When the computer came back up this morning, it was as if I was starting up the computer for the first time. All of my documents and saved files are gone now and programs need to be updated (i.e. internet explorer, itunes, etc.) But the system seems to be running much better. I have not had the browser window closing out on me unexpectedly or the "internet explorer has encountered an error and needs to close" dialog box pop up on me. When I first log onto the computer, it still says the file "compaq connections.exe.vir" cannot be opened. I still don't know what that means. Any ideas? Thanks.
  • 0
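A way to triage the ESET log above, as an added example that is not part of the original thread: it parses the `# key=value` header and the detection lines, then lists what the scan left uncleaned. The sample is an abridged excerpt of the posted log, and reading the trailing `C`/`I` flag as cleaned/still infected is an assumption inferred from that log, not from ESET documentation.

```python
import re
from collections import Counter

# Abridged excerpt of the ESET log posted above: the header counters plus a few
# detection lines, including all three lines that end in the "I" flag.
SAMPLE_LOG = r"""
# scanned=138540
# found=39
# cleaned=36
# scan_time=7503
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-6fc52fe9 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CouponAlert_2p\bar\1.bin\2phtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\explorer.exe Win32/Bamital.DX trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\hlp.dat Win32/Bamital.DZ trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\winlogon.exe Win32/Bamital.DX trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Bamital.DX trojan 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^# (\w+)=(.*)$")

# Paths contain spaces, so the path is matched lazily up to the first thing
# that looks like a detection name. The action in parentheses is optional
# (the ${Memory} line has none) and may itself contain parentheses.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?"
    r"(?:\w+/\S+ (?:trojan|worm|application)|multiple threats))"
    r"(?: \((?P<action>.*)\))? "
    r"(?P<hash>[0-9a-f]{32}) (?P<flag>[A-Z])$"
)


def parse_eset_log(text):
    """Split the log into header fields and a list of detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def family(threat):
    """Reduce 'a variant of Win32/Bamital.DX trojan' to 'Win32/Bamital'."""
    m = re.search(r"\w+/[A-Za-z]+", threat)
    return m.group(0) if m else threat


def triage(text):
    """Summarise what the scan did not clean.

    Assumption: flag 'C' means cleaned and any other flag means the object
    is still infected (in the posted log every 'unable to clean' line ends
    in 'I').
    """
    header, detections = parse_eset_log(text)
    remaining = [d for d in detections if d["flag"] != "C"]
    return {
        # What the header itself says is left over: found minus cleaned.
        "implied_outstanding": int(header["found"]) - int(header["cleaned"]),
        "outstanding": [(d["path"], d["threat"], d["action"]) for d in remaining],
        "families": dict(Counter(family(d["threat"]) for d in remaining)),
        # Uncleaned objects under the Windows directory deserve attention
        # first: they are operating-system files, not leftovers in a cache.
        "system_files": [
            d["path"] for d in remaining
            if d["path"].upper().startswith("C:\\WINDOWS\\")
        ],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("header says outstanding:", result["implied_outstanding"])
    for path, threat, action in result["outstanding"]:
        print(f"  NOT CLEANED  {path}  [{threat}]  action={action}")
    print("families:", result["families"])
    print("system files still infected:", result["system_files"])
```
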

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again timbotheking,

All of my documents and saved files are gone now and programs need to be updated (i.e. internet explorer, itunes, etc.)


Are these still not there?

Also are the icons on your desktop there or have they disappeared as well?

Tell me when you come back. Meantime don't remove any of your machine's temp files.

When I first log onto the computer, it still says the file "compaq connections.exe.vir" cannot be opened. I still don't know what that means. Any ideas? Thanks.


Compaq connections.exe is part of HP messaging service which automatically sends you information, tips, ideas and HP special offers. In itself it is not malicious; however, .vir usually means the file has been identified as a virus by an anti-virus program. Might be that it was infected or maybe a false positive and moved to quarantine. At some later time the file has been taken out of quarantine and returned to its original location. Otherwise it is suspicious. In the OTL fix below I am removing it. We will also carry out a search to see if it is elsewhere on your machine.

For now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe.vir (Hewlett-Packard)
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

Next

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    Compaq Connections.exe.vir
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#11
timbotheking

    Member

  • Topic Starter
  • 33 posts
emeraldnzl,

Yes, all of my documents are still gone from my system. Several desktop icons that were there previously are not there, but many of the main ones are. The programs I have downloaded to my desktop recently, including OTL, TDSSKiller, etc. are gone from the desktop (the icons at least). In addition, all of my Microsoft Office products are no longer on the system. It says they must be reinstalled.


OTL log:

========== OTL ==========
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk moved successfully.
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe.vir moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 07222011_184159



After saving the systemlook.exe to my desktop, I clicked run at which point a dialog box appeared indicating "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem." Now, I tried several more times to download the application but kept receiving the same message.

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello timbotheking,

After saving the systemlook.exe to my desktop, I clicked run at which point a dialog box appeared indicating "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem." Now, I tried several more times to download the application but kept receiving the same message.


Okay, leave that for now.

Do this

Download unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.

After that

  • Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

When you come back please post
  • OTL log
  • and tell me if after running Unhide.exe there has been any change to your machine

  • 0

#13
timbotheking

    Member

  • Topic Starter
  • Member
  • 33 posts
emeraldnzl,

I did as you instructed and below are the OTL logs:

OTL logfile created on: 7/23/2011 10:39:09 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 65.39% Memory free
2.83 Gb Paging File | 2.60 Gb Available in Paging File | 91.86% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.61 Gb Total Space | 22.45 Gb Free Space | 42.67% Space Free | Partition Type: NTFS
Drive D: | 3.27 Gb Total Space | 0.33 Gb Free Space | 10.17% Space Free | Partition Type: FAT32

Computer Name: STEVESR | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/23 22:37:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\OTL.exe
PRC - [2004/10/22 11:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/08/18 10:44:36 | 000,176,768 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton AntiVirus\navapsvc.exe
PRC - [2004/08/13 23:17:48 | 000,164,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/13 23:17:40 | 000,197,752 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/08/13 23:17:38 | 000,058,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/13 22:00:44 | 000,206,048 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/08/06 03:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/09 02:18:40 | 000,218,232 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe


========== Modules (SafeList) ==========

MOD - [2011/07/23 22:37:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\OTL.exe
MOD - [2004/08/04 15:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2004/08/18 10:44:56 | 000,046,208 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2004/08/18 10:44:36 | 000,176,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2004/08/13 23:17:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/13 23:17:46 | 000,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/13 23:17:40 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/13 22:00:44 | 000,206,048 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/08/06 03:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/23 22:47:22 | 000,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/07/21 19:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/12/09 02:18:40 | 000,218,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)


========== Driver Services (SafeList) ==========

DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 10:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/27 17:46:20 | 000,261,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20040813.178\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2004/10/06 12:00:00 | 000,617,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2004/10/06 12:00:00 | 000,068,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVENG.SYS -- (NAVENG)
DRV - [2004/10/01 20:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/30 01:55:50 | 000,229,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/09/24 13:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/08/13 22:00:24 | 000,266,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/13 22:00:22 | 000,025,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/08/13 22:00:20 | 000,034,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/08/13 22:00:18 | 000,046,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/08/13 22:00:16 | 000,171,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/08/13 22:00:12 | 000,011,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/08/09 22:59:32 | 000,103,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/07/23 22:47:24 | 000,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/07/23 22:47:22 | 000,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/07/21 19:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/29 20:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/18 19:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 14:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 20:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/30 01:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NAV CfgWiz] c:\Program Files\Norton AntiVirus\CfgWiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/26 21:00:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 22:37:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\OTL.exe
[2011/07/23 08:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Local Settings\Application Data\Temp
[2011/07/22 11:19:03 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2011/07/22 11:19:03 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/07/22 11:19:03 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/07/22 11:19:03 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2011/07/22 11:19:03 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/07/22 11:19:03 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2011/07/22 11:19:03 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2011/07/22 11:19:03 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/07/22 11:19:03 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2011/07/22 11:19:03 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/07/22 11:18:35 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/07/22 11:18:35 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2011/07/22 11:18:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2011/07/22 11:18:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/07/22 11:18:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2011/07/22 11:18:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/07/22 11:18:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2011/07/22 11:18:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/07/22 11:18:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2011/07/22 11:18:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/07/22 11:18:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2011/07/22 11:18:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/07/22 11:18:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2011/07/22 11:18:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/07/22 11:18:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2011/07/22 11:18:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/07/22 11:18:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2011/07/22 11:18:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/07/22 11:18:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2011/07/22 11:18:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/07/22 11:18:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2011/07/22 11:18:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/07/22 11:18:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2011/07/22 11:18:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/07/22 11:18:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2011/07/22 11:18:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/07/22 11:17:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/07/22 11:17:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2011/07/22 11:17:27 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/07/22 11:17:27 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/07/22 11:17:27 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/07/22 11:17:27 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2011/07/22 11:17:26 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2011/07/22 11:17:26 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/07/22 11:17:26 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/07/22 11:17:26 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2011/07/22 11:17:26 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/07/22 11:17:26 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/07/22 11:17:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/07/22 11:17:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2011/07/22 11:17:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/07/22 11:17:25 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/07/22 11:17:25 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2011/07/22 11:17:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/07/22 11:17:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2011/07/22 11:17:25 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2011/07/22 11:17:25 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/07/22 11:17:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2011/07/22 11:17:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/07/22 11:17:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2011/07/22 11:17:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/07/22 11:17:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2011/07/22 11:17:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/07/22 11:17:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2011/07/22 11:17:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/07/22 11:17:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2011/07/22 11:17:19 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2011/07/22 11:17:19 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/07/22 11:17:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2011/07/22 11:17:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/07/22 11:17:19 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/07/22 11:17:19 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/07/22 11:17:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2011/07/22 11:17:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/07/22 11:17:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2011/07/22 11:17:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/07/22 11:17:18 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/07/22 11:17:16 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2011/07/22 11:17:16 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/07/22 11:17:15 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2011/07/22 11:17:15 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/07/22 11:17:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2011/07/22 11:17:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2011/07/22 11:17:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2011/07/22 11:17:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2011/07/22 11:17:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2011/07/22 11:17:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2011/07/22 11:17:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2011/07/22 11:17:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2011/07/22 11:17:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2011/07/22 11:17:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2011/07/22 11:17:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2011/07/22 11:17:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2011/07/22 10:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Google
[2011/07/22 10:02:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Local Settings\Application Data\Google
[2011/07/22 09:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Adobe
[2011/07/22 09:56:27 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/21 21:06:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\PrivacIE
[2011/07/21 21:02:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\IETldCache
[2011/07/21 20:22:42 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/07/21 20:22:42 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/07/21 20:22:42 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/07/21 20:22:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/07/21 20:22:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/07/21 20:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/07/21 19:08:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/07/21 19:04:46 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/07/21 19:02:56 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/07/21 19:02:23 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/07/21 19:02:23 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/07/21 19:02:21 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/07/21 19:02:20 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/07/21 18:55:00 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2011/07/21 18:50:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/21 18:50:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/07/21 18:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/07/21 18:45:27 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/07/21 17:45:35 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2011/07/21 17:45:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2011/07/21 16:27:05 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/07/21 16:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Template
[2011/07/21 15:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\MSNInstaller
[2011/07/21 15:08:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\UserData
[2011/07/21 15:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Macromedia
[2011/07/21 15:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/07/21 15:06:09 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/21 15:06:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/21 15:06:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/21 15:06:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/21 15:06:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/21 14:58:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Recent
[2011/07/21 14:56:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Microsoft
[2011/07/21 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\SampleView
[2011/07/21 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Identities
[2011/07/21 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Apple Computer
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\Startup
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\SendTo
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents\My Pictures
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents\My Music
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Favorites
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data
[2011/07/21 14:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\Accessories
[2011/07/21 14:56:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Cookies
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\WINDOWS
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Templates
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Symantec
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Sun
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\SpySubtract Spyware Manager
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\PrintHood
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\PC Help & Tools
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\Online Services
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\NetHood
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Local Settings\Application Data\Microsoft
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Local Settings
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Local Settings\Application Data\ApplicationHistory
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Local Settings\Application Data\Apple Computer
[2011/07/21 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.STEVESR\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2011/07/21 14:51:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/07/20 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/18 10:57:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/15 16:44:35 | 000,000,000 | ---D | C] -- C:\Firefox
[2011/07/15 16:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/07/15 16:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegWork
[2011/07/15 16:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\RegWork
[2011/07/15 16:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/07/07 18:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/07/07 18:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/07/07 18:47:57 | 000,000,000 | ---D | C] -- C:\17a2adeab0eea6167f307d0e1d0e4c35
[2011/07/05 20:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/07/04 11:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/07/04 11:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2002/04/11 01:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/23 22:37:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\OTL.exe
[2011/07/23 22:33:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3099956112-2596822647-424640563-1008UA.job
[2011/07/23 22:26:16 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\unhide.exe
[2011/07/23 22:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 22:01:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/23 11:33:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3099956112-2596822647-424640563-1008Core.job
[2011/07/23 08:12:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 03:25:36 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/23 03:25:36 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/23 03:24:24 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/07/23 03:24:12 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1008.job
[2011/07/23 03:24:12 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1010.job
[2011/07/23 03:24:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1011.job
[2011/07/23 03:23:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 03:23:56 | 1274,597,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/23 03:07:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/22 20:00:00 | 000,000,544 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
[2011/07/22 18:49:45 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\SystemLook.exe
[2011/07/22 18:43:16 | 000,147,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/22 09:56:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/21 23:00:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Regwork.job
[2011/07/21 21:02:50 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/21 18:51:34 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2011/07/21 18:10:59 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents\feburary calendar.wps
[2011/07/21 18:10:59 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\wklnhst.dat
[2011/07/21 18:10:57 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents\janurary calendar 2012.wps
[2011/07/21 17:35:16 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents\march calendar.wps
[2011/07/21 15:05:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/07/21 15:05:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/21 15:05:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/21 15:05:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/21 15:05:51 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/21 15:02:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/07/21 15:02:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2011/07/21 14:58:28 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\Register with HP.url
[2011/07/21 14:57:03 | 000,001,842 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PP195AA-ABA SR1300NX NA510_YC_0Pres_QCNH448_E51NAheREL1_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M1216_J60_7AMD_8Sempron_92_#081222_N11063065_Z11C1048C_G11067205_OBENQ DVD DC DQ60.MRK
[2011/07/21 14:56:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/21 14:54:46 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/21 14:52:52 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2011/07/21 08:02:15 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1008.job
[2011/07/20 16:59:19 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1010.job
[2011/07/20 14:19:13 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[2011/07/19 10:21:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 13:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1011.job
[2011/07/18 02:03:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/07/10 14:09:27 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/07/04 22:24:37 | 000,001,209 | ---- | M] () -- C:\WINDOWS\checkip.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/23 22:26:10 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\unhide.exe
[2011/07/22 18:47:36 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\SystemLook.exe
[2011/07/22 11:19:03 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/07/22 11:19:03 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/22 11:19:03 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/07/22 11:19:03 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/07/22 11:18:50 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/07/22 11:18:50 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/07/22 11:18:50 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/07/22 11:18:50 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/07/22 11:18:50 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/07/22 11:18:50 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/07/22 11:18:49 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/07/22 11:18:49 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/07/22 11:18:49 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/07/22 11:18:49 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/07/22 11:18:49 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/07/22 11:18:49 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/07/22 11:18:49 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/07/22 11:18:49 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/07/22 11:18:49 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/07/22 11:18:35 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/07/22 11:18:35 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/07/22 11:18:35 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/07/22 11:17:19 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/07/21 17:54:33 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents\janurary calendar 2012.wps
[2011/07/21 17:25:25 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents\march calendar.wps
[2011/07/21 16:38:56 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\My Documents\feburary calendar.wps
[2011/07/21 16:01:27 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\wklnhst.dat
[2011/07/21 15:02:47 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/07/21 14:58:28 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\Register with HP.url
[2011/07/21 14:56:52 | 000,001,842 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PP195AA-ABA SR1300NX NA510_YC_0Pres_QCNH448_E51NAheREL1_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M1216_J60_7AMD_8Sempron_92_#081222_N11063065_Z11C1048C_G11067205_OBENQ DVD DC DQ60.MRK
[2011/07/21 14:56:27 | 1274,597,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/21 14:56:11 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\Help and Support.lnk
[2011/07/21 14:56:11 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/21 14:56:11 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/21 14:56:11 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/07/21 14:56:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/21 14:56:10 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Local Settings\Application Data\fusioncache.dat
[2011/07/21 14:56:09 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\Remote Assistance.lnk
[2011/07/21 14:56:09 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\Internet Explorer.lnk
[2011/07/21 14:56:09 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\Windows Media Player.lnk
[2011/07/21 14:56:09 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.STEVESR\Start Menu\Programs\Outlook Express.lnk
[2011/07/21 14:54:39 | 000,001,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL® for Broadband.lnk
[2011/07/21 14:54:39 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL®.lnk
[2011/07/20 14:19:13 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AWMODEM.INF
[2011/07/19 10:21:21 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/15 16:45:27 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/15 16:44:29 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\Regwork.job
[2011/07/05 11:39:25 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1010.job
[2011/07/05 11:39:21 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1010.job
[2011/07/04 22:12:07 | 000,001,209 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2011/07/04 13:22:52 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3099956112-2596822647-424640563-1011.job
[2011/07/04 13:22:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3099956112-2596822647-424640563-1011.job
[2011/07/04 11:13:44 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 11:13:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/12 09:46:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2011/03/06 14:42:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/06/05 08:53:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/29 15:46:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/21 22:37:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2008/12/21 22:37:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/12/21 22:37:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/12/21 22:33:40 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/12/21 22:33:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/12/21 22:33:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/12/21 22:33:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/12/21 22:33:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/12/21 22:32:30 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/12/21 22:32:30 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/12/21 22:32:30 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/12/21 22:32:30 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/12/21 22:32:30 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/12/21 22:32:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/12/21 22:31:54 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/05/03 11:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/10/27 17:57:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/26 22:46:37 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/26 22:45:58 | 000,013,949 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/26 22:45:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/26 22:19:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/26 22:02:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/26 22:02:35 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/26 22:02:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/26 21:33:02 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/26 21:33:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/26 21:32:36 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/26 21:04:20 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/26 21:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/26 20:57:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/26 20:44:44 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/26 20:44:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/26 20:44:01 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/26 20:44:01 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/26 13:51:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/26 13:50:42 | 000,147,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/14 02:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 06:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 06:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/02 10:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/04/11 02:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/10/26 23:01:18 | 000,000,104 | ---- | M] () -- C:\.lnk
[2011/07/21 13:23:55 | 000,102,540 | ---- | M] () -- C:\aaw7boot.log
[2011/04/22 15:24:46 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2011/04/22 15:24:46 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2004/10/26 21:00:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/07/21 14:52:52 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2011/07/21 18:51:34 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2004/08/04 06:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/10/26 21:00:03 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/07/23 03:23:56 | 1274,597,376 | -HS- | M] () -- C:\hiberfil.sys
[2004/10/26 21:32:36 | 000,000,002 | ---- | M] () -- C:\hpbi.log
[2004/10/26 21:00:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/24 00:40:59 | 000,007,292 | ---- | M] () -- C:\JavaRa.log
[2011/07/20 10:25:47 | 000,746,290 | ---- | M] () -- C:\lxct.log
[2011/07/20 10:25:47 | 000,097,941 | ---- | M] () -- C:\lxctscan.log
[2004/10/26 21:00:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/07/23 03:23:55 | 1912,602,624 | -HS- | M] () -- C:\pagefile.sys
[2011/07/19 22:20:45 | 000,044,826 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_19.07.2011_22.18.50_log.txt
[2011/07/19 22:43:27 | 000,002,148 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_19.07.2011_22.35.17_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/10/26 13:49:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/10/26 13:49:51 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/10/26 13:49:51 | 000,868,352 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-23 07:07:47

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 09:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< End of report >


OTL extras:

OTL Extras logfile created on: 7/23/2011 10:39:09 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 65.39% Memory free
2.83 Gb Paging File | 2.60 Gb Available in Paging File | 91.86% Paging File free
Paging file location(s): C:\pagefile.sys 1824 3648 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.61 Gb Total Space | 22.45 Gb Free Space | 42.67% Space Free | Partition Type: NTFS
Drive D: | 3.27 Gb Total Space | 0.33 Gb Free Space | 10.17% Space Free | Partition Type: FAT32

Computer Name: STEVESR | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}" = Norton Internet Security
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A398F2DC-D706-4bb2-AC38-5532CD229D08}" = CC_ccProxyMSI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"BackWeb-6750491 Uninstaller" = Compaq Connections
"Help and Support Additions" = Help and Support Additions
"ie8" = Windows Internet Explorer 8
"InstallShield_{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"S3" = VIA/S3G Display Driver
"SymSetup.{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall (Symantec Corporation)
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 7/22/2011 6:49:45 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 7/22/2011 6:49:45 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 7/22/2011 6:49:45 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .

Error - 7/22/2011 6:51:33 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 7/22/2011 6:51:33 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 7/22/2011 6:51:33 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .

Error - 7/22/2011 6:51:41 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 7/22/2011 6:51:41 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 7/22/2011 6:51:41 PM | Computer Name = STEVESR | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\Compaq_Owner.STEVESR\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .

Error - 7/23/2011 1:26:37 AM | Computer Name = STEVESR | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.


< End of report >



Also, after running unhide.exe, there was no change in the system. My files are still not there, nor did it reproduce any icons on the desktop.

Thanks.

#14
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again timbotheking,

This is a nasty infection that the programming guys are still working on finding a solution for.

Here are a couple of solutions to try:

Firstly

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image

Once they are, click on the Restore button.

After that

Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image

This next one will produce the necessary shortcut links, which you can cut and paste into the Start Menu folder.
[attachment=50717:Repair.zip]
To use this, download the attached zip file.
Extract the repair.vbs file to your desktop.
Run repair.vbs.
It will ask for a folder name; call it recovery.
The tool will let you know when it is finished.
On the desktop will be a recovery folder.
Open the folder.
Cut and paste the links that you want to C:\documents and settings\your name\start menu

Come back and tell me how you got on.

#15
timbotheking


    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
emeraldnzl,

Sorry, I got a bit confused. I did the first 2 things you asked, Restore Accessory Programs, and Admin Tools. I got lost after that. You said,

"This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
[attachment=50717:Repair.zip]
To use this download the attached zip file
Extract the repair.vbs file to your desktop"

I saw the shortcut to Ramesh's site on the desktop, but then where is the zip file I'm supposed to be downloading? I could not find the repair.zip that you mentioned. What am I missing? Thank you.





