
weird start up issues possible infection?



#1 njlock (Member, 353 posts)
My original post (Posted 15 June 2011 - 02:14 PM, originally in "Geeks to Go Forums > Operating Systems > Windows XP™, 2000, 2003, NT"):
"When I restart my computer (Dell Inspiron 530, 4 GB RAM, XP Professional), it locks up with the desktop background picture showing, but no icons or toolbars showing, and this goes on for 5-7 minutes +/-. It seems like forever. It's been happening for a while now, and I have no idea what program's installation may have triggered it (maybe Carbonite?). I use Microsoft Essentials, and it shows no infections. When it first happened, I thought it was locked up permanently, but then I left it alone and eventually it continued the startup.
Any ideas?
Thanks"

http://www.geekstogo..._1#entry2027578



After some diagnostics, the moderator who was helping me, rshaffer61, said
"Posted 20 June 2011 - 05:37 PM
ok I don't see anything for spybot but I do see 4 entries that have strange characters in it.
It looks like a possible infection may be in your system."


I've been busy and delayed addressing this issue, and I rarely restart my PC, but for whatever reason I decided to shut down for the weekend and give it a break. Well, I almost broke it in the process. Went to restart this morning and got a message: "USER ENVIRONMENT: Windows cannot find local profile and is logging you on with a temporary profile....." (couldn't get the rest).

Then it shifted to a generic background with a lot fewer icons than I usually have.
I did a system restore to about a week ago, and went back to my normal screen.
BTW, the generic background started much faster (as in normally) than my computer has been starting.
Also, I'm getting about 6 error messages such as "Can't find "****" specified in registry", where "****" = those strange characters rshaffer61 mentioned.


Thanks for your help. (Trying to attach otl.txt, not sure if it's taking)


OTL logfile created on: 7/18/2011 9:41:01 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.38% Memory free
5.09 Gb Paging File | 4.04 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.39 Gb Total Space | 237.65 Gb Free Space | 51.40% Space Free | Partition Type: NTFS
Drive D: | 1.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOSSSILVERDELL | User Name: DAVID CREIGHTON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 09:39:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads\OTL.exe
PRC - [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/27 15:13:18 | 007,035,392 | ---- | M] (İstanbul Elektronik Anahtar) -- C:\Program Files\Zed-BULL\Zed-BULL\Zed-BULL.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/04 15:45:06 | 001,185,592 | ---- | M] (WH Software Ltd) -- C:\Program Files\WH Software\IC\Bin\ICSvr.exe
PRC - [2011/04/04 15:45:01 | 006,168,888 | ---- | M] (WH Software Ltd) -- C:\Program Files\WH Software\IC\Bin\IC.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/23 18:15:38 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010/11/23 18:13:50 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/23 10:03:59 | 000,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe
PRC - [2008/06/20 09:09:06 | 000,493,312 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2002/02/26 16:57:24 | 002,101,760 | ---- | M] () -- C:\INTEGRA\ULTIMATE.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/18 09:39:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/04 15:45:06 | 001,185,592 | ---- | M] (WH Software Ltd) [Auto | Running] -- C:\Program Files\WH Software\IC\Bin\ICSvr.exe -- (ICDataService)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/11/23 18:13:50 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/11/23 18:11:36 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/23 10:03:59 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Running] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/08/06 11:34:02 | 000,216,032 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl2f88e729)
DRV - [2011/07/18 09:04:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{078277EF-91FD-4022-9A89-BF3E9106776A}\MpKsl2f0876b4.sys -- (MpKsl2f0876b4)
DRV - [2010/12/18 07:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/10/22 13:48:00 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/10/07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/21 22:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/10/22 16:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/05/16 04:58:46 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/20 08:32:40 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2007/12/26 03:20:36 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/08/21 14:39:20 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/08/21 14:39:18 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/08/21 14:39:04 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/05/18 09:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/10/15 03:49:22 | 000,029,292 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080617

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.keypro.info/forum.php [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/06/15 14:08:11 | 000,435,164 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14979 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\DAVID CREIGHTON\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - () - File not found
F3 - HKCU WinNT: Load - (ಝ睂诙繁翽衚繁蠪繁ါ) - File not found
F3 - HKCU WinNT: Run - () - File not found
F3 - HKCU WinNT: Run - (ಝ睂诙繁翽衚繁蠪繁ါ) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: discovercard.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: keylessride.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: keypro.info ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: tnlconnect.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range37 ([http] in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://192.168.1.102:100/RemoteWeb.cab (Remote200 Control)
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://192.168.1.102...VideoViewer.cab (CViewerControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1221747677171 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} http://free.aol.com/...5/aolcdt175.cab (CDToolCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{46886361-e8bd-11de-8ad1-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{46886361-e8bd-11de-8ad1-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46886361-e8bd-11de-8ad1-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O33 - MountPoints2\{46886363-e8bd-11de-8ad1-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{46886363-e8bd-11de-8ad1-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46886363-e8bd-11de-8ad1-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{899d46d4-2ed5-11e0-8b27-00038a000015}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{8e783da2-be44-11dd-8a3d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8e783da2-be44-11dd-8a3d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e783da2-be44-11dd-8a3d-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 09:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/14 08:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\My Digital Editions
[2011/06/22 10:31:57 | 000,000,000 | R--D | C] -- C:\ZedBULLfromjim62011
[2011/06/21 08:33:04 | 000,000,000 | ---D | C] -- C:\lishi
[2011/06/20 13:01:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/03 10:25:52 | 009,163,464 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/18 09:36:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/18 09:27:23 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005UA.job
[2011/07/18 09:26:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/18 09:10:10 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zed-BULL.lnk
[2011/07/18 09:00:01 | 000,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Automatic maintenance.job
[2011/07/18 08:59:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/18 08:57:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/18 08:54:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/18 08:54:11 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/18 08:53:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/18 08:53:36 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/18 08:53:36 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/16 13:50:39 | 000,045,530 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\wklnhst.dat
[2011/07/15 23:27:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005Core.job
[2011/07/09 16:32:49 | 000,000,396 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2011/07/08 09:15:39 | 000,000,190 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2011/07/08 09:15:39 | 000,000,127 | ---- | M] () -- C:\WINDOWS\SwDrvs.ini
[2011/07/07 15:56:21 | 002,764,854 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\16bitcamrystacy.bmp
[2011/07/06 15:14:30 | 000,205,633 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\16BIT_camry.JPG
[2011/07/02 10:25:36 | 000,068,022 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Image1.jpg
[2011/07/01 08:59:54 | 138,004,216 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\531 jefferson.MP4
[2011/06/29 13:27:31 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Google Chrome.lnk
[2011/06/29 13:27:31 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/25 10:01:51 | 000,061,812 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC00467 (2)xxa.jpg
[2011/06/25 09:57:32 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Paint Shop Photo Album.lnk
[2011/06/25 09:50:04 | 000,060,488 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC00464 (xx.jpg
[2011/06/25 09:48:31 | 000,060,884 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC00465 (3.jpg
[2011/06/25 09:47:33 | 000,061,098 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC00466 (2).JPG
[2011/06/23 12:30:06 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2011/06/20 16:33:01 | 000,159,510 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\untitled.JPG
[2011/06/20 13:22:00 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2011/06/20 13:09:37 | 002,764,854 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\sysconfig.bmp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 15:56:21 | 002,764,854 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\16bitcamrystacy.bmp
[2011/07/06 15:24:40 | 000,205,633 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\16BIT_camry.JPG
[2011/07/02 10:25:35 | 000,068,022 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Image1.jpg
[2011/07/01 08:57:52 | 138,004,216 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\531 jefferson.MP4
[2011/06/25 10:01:51 | 000,061,812 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC00467 (2)xxa.jpg
[2011/06/25 09:50:04 | 000,060,488 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC00464 (xx.jpg
[2011/06/25 09:48:31 | 000,060,884 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC00465 (3.jpg
[2011/06/25 09:47:33 | 000,061,098 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC00466 (2).JPG
[2011/06/25 09:42:58 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Paint Shop Photo Album.lnk
[2011/06/23 12:30:05 | 000,010,920 | ---- | C] () -- C:\aolconnfix.exe
[2011/06/20 16:33:01 | 000,159,510 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\untitled.JPG
[2011/06/20 13:10:03 | 000,001,119 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/20 13:09:37 | 002,764,854 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\sysconfig.bmp
[2011/04/21 14:49:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p17].bmp
[2011/04/21 14:49:27 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p16].bmp
[2011/04/21 14:49:23 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p15].bmp
[2011/04/21 14:49:19 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p14].bmp
[2011/04/21 14:49:15 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p13].bmp
[2011/04/21 14:49:10 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p12].bmp
[2011/04/21 14:49:06 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p11].bmp
[2011/04/21 14:49:03 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p10].bmp
[2011/04/21 14:48:59 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p09].bmp
[2011/04/21 14:48:55 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p08].bmp
[2011/04/21 14:48:52 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p07].bmp
[2011/04/21 14:48:48 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p06].bmp
[2011/04/21 14:48:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p05].bmp
[2011/04/21 14:48:41 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p04].bmp
[2011/04/21 14:48:37 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p03].bmp
[2011/04/21 14:47:47 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p11].bmp
[2011/04/21 14:47:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p10].bmp
[2011/04/21 14:47:40 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p09].bmp
[2011/04/21 14:47:36 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p08].bmp
[2011/04/21 14:47:32 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p07].bmp
[2011/04/21 14:47:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p06].bmp
[2011/04/21 14:47:25 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p05].bmp
[2011/04/21 14:47:21 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p04].bmp
[2011/04/21 14:47:17 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p03].bmp
[2011/04/21 14:47:14 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p02].bmp
[2011/04/21 14:47:10 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p01].bmp
[2011/04/21 14:45:32 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p22].bmp
[2011/04/21 14:45:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p21].bmp
[2011/04/21 14:45:25 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p20].bmp
[2011/04/21 14:45:22 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p19].bmp
[2011/04/21 14:45:18 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p18].bmp
[2011/04/21 14:45:14 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p17].bmp
[2011/04/21 14:45:11 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p16].bmp
[2011/04/21 14:45:07 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p15].bmp
[2011/04/21 14:45:03 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p14].bmp
[2011/04/21 14:44:59 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p13].bmp
[2011/04/21 14:44:56 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p12].bmp
[2011/04/21 14:44:52 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p11].bmp
[2011/04/21 14:44:48 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p10].bmp
[2011/04/21 14:44:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p09].bmp
[2011/04/21 14:44:41 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p08].bmp
[2011/04/21 14:44:37 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p07].bmp
[2011/04/21 14:44:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p06].bmp
[2011/04/21 14:44:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p05].bmp
[2011/04/21 14:44:26 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p04].bmp
[2011/04/21 14:44:22 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p03].bmp
[2011/04/21 14:44:18 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p02].bmp
[2011/04/21 14:44:15 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p01].bmp
[2011/04/08 12:46:03 | 000,000,071 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2011/04/08 12:46:00 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\USB_IO.dll
[2010/12/09 18:46:33 | 000,000,132 | ---- | C] () -- C:\WINDOWS\MYOBPOpt.INI
[2010/12/09 18:38:10 | 000,000,396 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2010/12/09 18:16:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2010/12/09 18:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2010/09/02 17:52:07 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/06/30 12:13:39 | 000,632,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/26 11:27:31 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/05/25 15:25:02 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/23 16:22:01 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009/12/28 16:10:30 | 000,186,823 | ---- | C] () -- C:\WINDOWS\hpwins23.dat.temp
[2009/12/28 16:10:30 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat.temp
[2009/12/18 15:52:34 | 000,185,733 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2009/12/18 15:52:34 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/06 11:32:43 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\essfaxpm.dll
[2009/03/21 09:33:40 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2IMG.dat
[2009/02/26 10:00:21 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2009/02/26 10:00:21 | 000,000,232 | ---- | C] () -- C:\WINDOWS\System32\winsusrx.dll
[2009/02/16 09:42:03 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\learnburn_usersettings.xml
[2009/01/13 16:25:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/07 12:02:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/06 15:32:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\$_hpcst$.hpc
[2008/10/28 10:08:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2008/10/28 10:08:06 | 000,000,115 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/09/18 11:10:17 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2008/08/20 13:48:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/08/20 13:35:14 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/08/05 22:14:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008/07/10 12:57:26 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/07/10 12:56:55 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/30 17:18:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/23 10:23:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SCPNT16.DAT
[2008/06/20 15:14:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2008/06/20 08:14:06 | 000,045,530 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\wklnhst.dat
[2008/06/20 08:07:40 | 000,154,624 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 15:31:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/19 14:31:44 | 000,000,190 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2008/06/19 14:19:33 | 000,005,037 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\powjnvfp.pmy
[2008/06/19 14:16:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\rksfaxpm.dll
[2008/06/19 13:40:29 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2008/06/19 13:26:00 | 000,128,902 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2008/06/19 13:26:00 | 000,000,771 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2008/06/19 13:10:30 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\fusioncache.dat
[2008/06/17 03:17:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/17 03:01:36 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/06/17 03:01:03 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2008/06/17 02:59:50 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FontZoom.exe
[2008/06/17 02:59:50 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/06/17 02:40:25 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/17 02:40:25 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/17 02:40:25 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/17 02:40:24 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/06/17 02:40:24 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/06/17 02:40:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/06/17 02:40:18 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/06/17 02:40:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/17 02:38:52 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/11 02:29:33 | 000,008,558 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2006/07/31 01:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2006/07/31 01:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,329,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,528,346 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,097,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1996/12/04 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/04 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/06/05 10:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/10 08:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/11/27 14:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2008/09/18 11:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2011/01/07 14:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDSS
[2009/07/24 16:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2010/11/20 14:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2008/06/17 03:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/12/13 10:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/08 08:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TNL
[2010/12/04 11:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/06/17 03:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2008/06/30 17:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/26 09:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WH Software
[2009/03/20 10:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/12/04 10:58:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/04/24 12:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/13 10:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/16 10:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/09 10:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010/01/10 11:48:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/06/05 10:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\3jam
[2009/06/05 10:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\acccore
[2011/04/06 13:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Advanced Diagnostics
[2011/06/16 10:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Auslogics
[2009/01/19 10:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Blackberry Desktop
[2008/10/16 08:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Cloudmark
[2011/07/18 08:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox
[2010/03/30 12:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\GetRightToGo
[2011/01/07 14:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\IDSS
[2010/12/03 17:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\licenses
[2011/05/04 10:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\mjusbsp
[2010/12/03 17:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\PCMM2009
[2010/12/03 17:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\PCMM2010
[2010/04/09 13:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Research In Motion
[2008/10/16 08:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\SPAMfighter
[2011/04/11 17:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\TeamViewer
[2008/07/26 11:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Template
[2010/05/25 15:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\TNL
[2010/10/22 13:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\TrueCrypt
[2010/12/04 10:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\TuneUp Software
[2009/06/05 10:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Viewpoint
[2010/03/30 14:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Windows Desktop Search
[2010/05/04 13:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Windows Search
[2011/07/18 09:00:01 | 000,000,538 | ---- | M] () -- C:\WINDOWS\Tasks\Automatic maintenance.job
[2011/07/18 08:59:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/18 08:54:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by njlock, 18 July 2011 - 09:03 AM.

  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.


:processes
killallprocesses

:OTL
F3 - HKCU WinNT: Load - () - File not found
F3 - HKCU WinNT: Load - (ಝ睂诙繁翽衚繁蠪繁ါ) - File not found
F3 - HKCU WinNT: Run - () - File not found
F3 - HKCU WinNT: Run - (ಝ睂诙繁翽衚繁蠪繁ါ) - File not found
[2011/07/18 09:00:01 | 000,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Automatic maintenance.job
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it yet.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

Ron
  • 0
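As an added example (not from this thread, from OTL's author, or from any of the posters), a small Python triage helper that scores OTL "F3 - HKCU WinNT: Load/Run" lines like the four Ron flagged above, explaining why each one deserves attention. The four suspicious lines in the sample are copied from the log in this thread; the benign-looking agent.exe line and the O4 line are constructed.

```python
"""Triage helper for OTL "F3 - HKCU WinNT: Load/Run" lines (added example)."""
import re
import unicodedata
from dataclasses import dataclass, field

# OTL prints the legacy win.ini autostart values, which Windows NT maps into
# HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows (values "Load" and "Run"), as:
#   F3 - HKCU WinNT: Load - (<value data>) - <status or resolved file>
F3_LINE = re.compile(
    r"^F3 - (?P<hive>HK\w+) WinNT: (?P<name>Load|Run) - \((?P<value>.*)\) - (?P<status>.*)$"
)

EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif")


@dataclass
class Finding:
    hive: str
    name: str
    value: str
    status: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        """Crude severity: one point per independent reason."""
        return len(self.reasons)


def odd_characters(value: str) -> bool:
    """True if the value data holds control/format/private-use/unassigned characters
    or letters from scripts outside Basic + Extended Latin. Accented Latin letters
    (localized user names) are allowed; the CJK/Kannada/Myanmar mix seen in this
    thread is not."""
    for ch in value:
        cat = unicodedata.category(ch)
        if cat[0] == "C":                        # Cc, Cf, Co, Cn
            return True
        if ord(ch) > 0x024F and cat[0] == "L":   # letter beyond Latin Extended-B
            return True
    return False


def triage_f3(line: str):
    """Return a Finding for an F3 WinNT Load/Run line, or None for any other line."""
    m = F3_LINE.match(line.strip())
    if not m:
        return None
    f = Finding(**m.groupdict())
    # The mere presence of a Load/Run value is notable: a clean XP install has neither.
    f.reasons.append("legacy win.ini autostart value present")
    if f.status.lower().startswith("file not found"):
        f.reasons.append("target file not found")
    if f.value and odd_characters(f.value):
        f.reasons.append("non-path characters in value data")
    if f.value and "\\" not in f.value and not f.value.lower().endswith(EXECUTABLE_EXTS):
        f.reasons.append("data is not a file path")
    return f


def triage_log(text: str):
    """Scan a whole OTL log and return findings, most suspicious first."""
    findings = [triage_f3(line) for line in text.splitlines()]
    return sorted((f for f in findings if f), key=lambda f: f.score, reverse=True)


# Constructed sample: the four F3 lines are from this thread, the rest is made up.
SAMPLE_LOG = """\
========== OTL ==========
F3 - HKCU WinNT: Load - () - File not found
F3 - HKCU WinNT: Load - (ಝ睂诙繁翽衚繁蠪繁ါ) - File not found
F3 - HKCU WinNT: Run - () - File not found
F3 - HKCU WinNT: Run - (ಝ睂诙繁翽衚繁蠪繁ါ) - File not found
F3 - HKCU WinNT: Run - (C:\\Program Files\\Example\\agent.exe) - C:\\Program Files\\Example\\agent.exe (Example Corp)
O4 - HKLM..\\Run: [msseces] C:\\Program Files\\Microsoft Security Client\\msseces.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[{finding.score}] {finding.hive} WinNT {finding.name} ({finding.value!r}): "
              + "; ".join(finding.reasons))
```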

#3
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
From the 1st restart:


========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load: deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:ಝ睂诙繁翽衚繁蠪繁ါ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run: deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run:ಝ睂诙繁翽衚繁蠪繁ါ deleted successfully.
C:\WINDOWS\tasks\Automatic maintenance.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07202011_125516

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#4
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
OTL logfile created on: 7/20/2011 1:22:30 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 72.57% Memory free
5.09 Gb Paging File | 4.35 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.39 Gb Total Space | 237.77 Gb Free Space | 51.42% Space Free | Partition Type: NTFS
Drive D: | 1.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BOSSSILVERDELL | User Name: DAVID CREIGHTON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 09:39:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads\OTL.exe
PRC - [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/04 15:45:06 | 001,185,592 | ---- | M] (WH Software Ltd) -- C:\Program Files\WH Software\IC\Bin\ICSvr.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/23 18:15:38 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010/11/23 18:13:50 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/25 12:54:52 | 005,686,256 | ---- | M] (Essential Fax Software) -- C:\Program Files\EssentialFax\essfax.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe


========== Modules (SafeList) ==========

MOD - [2011/07/18 09:39:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/04 15:45:06 | 001,185,592 | ---- | M] (WH Software Ltd) [Auto | Running] -- C:\Program Files\WH Software\IC\Bin\ICSvr.exe -- (ICDataService)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/11/23 18:13:50 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/11/23 18:11:36 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/23 10:03:59 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/08/06 11:34:02 | 000,216,032 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)


========== Driver Services (SafeList) ==========

DRV - [2011/07/20 12:56:37 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DDFAA52-5F13-41A7-BB8A-E9D7D9B7AE25}\MpKsl61c303ce.sys -- (MpKsl61c303ce)
DRV - [2011/07/20 11:28:18 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DDFAA52-5F13-41A7-BB8A-E9D7D9B7AE25}\MpKslff998c82.sys -- (MpKslff998c82)
DRV - [2010/12/18 07:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/10/22 13:48:00 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/10/07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/21 22:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/10/22 16:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/05/16 04:58:46 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/20 08:32:40 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2007/12/26 03:20:36 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/08/21 14:39:20 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/08/21 14:39:18 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/08/21 14:39:04 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/05/18 09:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/10/15 03:49:22 | 000,029,292 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080617

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.keypro.info/forum.php [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/07/20 12:55:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\DAVID CREIGHTON\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - () - File not found
F3 - HKCU WinNT: Run - () - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: discovercard.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: keylessride.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: keypro.info ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: tnlconnect.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range37 ([http] in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://192.168.1.102:100/RemoteWeb.cab (Remote200 Control)
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://192.168.1.102...VideoViewer.cab (CViewerControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1221747677171 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} http://free.aol.com/...5/aolcdt175.cab (CDToolCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{46886361-e8bd-11de-8ad1-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{46886361-e8bd-11de-8ad1-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46886361-e8bd-11de-8ad1-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O33 - MountPoints2\{46886363-e8bd-11de-8ad1-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{46886363-e8bd-11de-8ad1-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46886363-e8bd-11de-8ad1-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{899d46d4-2ed5-11e0-8b27-00038a000015}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{8e783da2-be44-11dd-8a3d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{8e783da2-be44-11dd-8a3d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e783da2-be44-11dd-8a3d-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 12:55:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/14 08:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\My Digital Editions
[2011/06/22 10:31:57 | 000,000,000 | R--D | C] -- C:\ZedBULLfromjim62011
[2011/06/21 08:33:04 | 000,000,000 | ---D | C] -- C:\lishi
[2010/12/03 10:25:52 | 009,163,464 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2011/07/20 13:01:38 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/20 13:00:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/20 12:56:41 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/20 12:56:40 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/20 12:56:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/20 12:56:24 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 12:55:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/20 12:27:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005UA.job
[2011/07/20 12:26:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/20 08:32:41 | 000,000,396 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2011/07/20 08:32:35 | 000,000,190 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2011/07/20 08:32:35 | 000,000,127 | ---- | M] () -- C:\WINDOWS\SwDrvs.ini
[2011/07/19 23:27:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005Core.job
[2011/07/19 13:17:05 | 000,045,630 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\wklnhst.dat
[2011/07/19 10:41:04 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zed-BULL.lnk
[2011/07/18 14:28:14 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Google Chrome.lnk
[2011/07/18 14:28:14 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/18 11:22:17 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/18 09:36:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/25 09:57:32 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Paint Shop Photo Album.lnk
[2011/06/23 12:30:06 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

========== Files Created - No Company Name ==========

[2011/06/25 09:42:58 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Paint Shop Photo Album.lnk
[2011/06/23 12:30:05 | 000,010,920 | ---- | C] () -- C:\aolconnfix.exe
[2011/04/21 14:49:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p17].bmp
[2011/04/21 14:49:27 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p16].bmp
[2011/04/21 14:49:23 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p15].bmp
[2011/04/21 14:49:19 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p14].bmp
[2011/04/21 14:49:15 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p13].bmp
[2011/04/21 14:49:10 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p12].bmp
[2011/04/21 14:49:06 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p11].bmp
[2011/04/21 14:49:03 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p10].bmp
[2011/04/21 14:48:59 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p09].bmp
[2011/04/21 14:48:55 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p08].bmp
[2011/04/21 14:48:52 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p07].bmp
[2011/04/21 14:48:48 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p06].bmp
[2011/04/21 14:48:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p05].bmp
[2011/04/21 14:48:41 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p04].bmp
[2011/04/21 14:48:37 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p03].bmp
[2011/04/21 14:47:47 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p11].bmp
[2011/04/21 14:47:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p10].bmp
[2011/04/21 14:47:40 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p09].bmp
[2011/04/21 14:47:36 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p08].bmp
[2011/04/21 14:47:32 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p07].bmp
[2011/04/21 14:47:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p06].bmp
[2011/04/21 14:47:25 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p05].bmp
[2011/04/21 14:47:21 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p04].bmp
[2011/04/21 14:47:17 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p03].bmp
[2011/04/21 14:47:14 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p02].bmp
[2011/04/21 14:47:10 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p01].bmp
[2011/04/21 14:45:32 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p22].bmp
[2011/04/21 14:45:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p21].bmp
[2011/04/21 14:45:25 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p20].bmp
[2011/04/21 14:45:22 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p19].bmp
[2011/04/21 14:45:18 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p18].bmp
[2011/04/21 14:45:14 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p17].bmp
[2011/04/21 14:45:11 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p16].bmp
[2011/04/21 14:45:07 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p15].bmp
[2011/04/21 14:45:03 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p14].bmp
[2011/04/21 14:44:59 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p13].bmp
[2011/04/21 14:44:56 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p12].bmp
[2011/04/21 14:44:52 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p11].bmp
[2011/04/21 14:44:48 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p10].bmp
[2011/04/21 14:44:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p09].bmp
[2011/04/21 14:44:41 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p08].bmp
[2011/04/21 14:44:37 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p07].bmp
[2011/04/21 14:44:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p06].bmp
[2011/04/21 14:44:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p05].bmp
[2011/04/21 14:44:26 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p04].bmp
[2011/04/21 14:44:22 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p03].bmp
[2011/04/21 14:44:18 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p02].bmp
[2011/04/21 14:44:15 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p01].bmp
[2011/04/08 12:46:03 | 000,000,071 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2011/04/08 12:46:00 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\USB_IO.dll
[2010/12/09 18:46:33 | 000,000,132 | ---- | C] () -- C:\WINDOWS\MYOBPOpt.INI
[2010/12/09 18:38:10 | 000,000,396 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2010/12/09 18:16:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2010/12/09 18:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2010/09/02 17:52:07 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/06/30 12:13:39 | 000,632,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/26 11:27:31 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/05/25 15:25:02 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/23 16:22:01 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009/12/28 16:10:30 | 000,186,823 | ---- | C] () -- C:\WINDOWS\hpwins23.dat.temp
[2009/12/28 16:10:30 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat.temp
[2009/12/18 15:52:34 | 000,185,733 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2009/12/18 15:52:34 | 000,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/06 11:32:43 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\essfaxpm.dll
[2009/03/21 09:33:40 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2IMG.dat
[2009/02/26 10:00:21 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2009/02/26 10:00:21 | 000,000,232 | ---- | C] () -- C:\WINDOWS\System32\winsusrx.dll
[2009/02/16 09:42:03 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\learnburn_usersettings.xml
[2009/01/13 16:25:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/07 12:02:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/06 15:32:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\$_hpcst$.hpc
[2008/10/28 10:08:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2008/10/28 10:08:06 | 000,000,115 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/09/18 11:10:17 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2008/08/20 13:48:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/08/20 13:35:14 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/08/05 22:14:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008/07/10 12:57:26 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/07/10 12:56:55 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/30 17:18:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/23 10:23:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SCPNT16.DAT
[2008/06/20 15:14:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2008/06/20 08:14:06 | 000,045,630 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\wklnhst.dat
[2008/06/20 08:07:40 | 000,154,624 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 15:31:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/19 14:31:44 | 000,000,190 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2008/06/19 14:19:33 | 000,005,037 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\powjnvfp.pmy
[2008/06/19 14:16:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\rksfaxpm.dll
[2008/06/19 13:40:29 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2008/06/19 13:26:00 | 000,128,902 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2008/06/19 13:26:00 | 000,000,771 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2008/06/19 13:10:30 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\fusioncache.dat
[2008/06/17 03:17:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/17 03:01:36 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/06/17 03:01:03 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2008/06/17 02:59:50 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FontZoom.exe
[2008/06/17 02:59:50 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/06/17 02:40:25 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/17 02:40:25 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/17 02:40:25 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/17 02:40:24 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/06/17 02:40:24 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/06/17 02:40:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/06/17 02:40:18 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/06/17 02:40:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/17 02:38:52 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/11 02:29:33 | 000,008,558 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2006/07/31 01:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2006/07/31 01:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,329,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,528,346 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,097,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1996/12/04 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/04 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
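
The log above is the kind of thing a helper reads by eye for a handful of indicators: registry entries whose target file is "File not found" (the two F3 lines and the O30 line), drivers or modules with an empty "()" where the company name belongs, autorun commands recorded for removable drives (the O33 MountPoints2 lines), and values containing bytes that do not print. The following is an added example, not code from the thread or from OTL, that does that first pass mechanically over OTL-format lines. The flag rules are my own heuristics, the sample lines are copied from the posted log except for one constructed line (marked) that carries control bytes, and the mapping of OTL's "HKCU WinNT" shorthand to the full registry key matches the key OTL itself names in its fix log later in the thread.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread; it is not part of the original posts or of
OTL itself. It parses the line shapes visible in the log above (DRV, O4,
F3, O30, O33) and flags what a malware helper scans for first: registry
entries whose target file is not found, drivers and modules with no
company name in their version info, removable-media autorun commands, and
values containing control or non-ASCII bytes (the "strange characters"
mentioned earlier in the thread). The flags are triage hints, not verdicts.
"""
import re
from dataclasses import dataclass, field

# Line types whose "(...)" field is the file's company name. An empty "()"
# there means the binary carries no version-info company string. This set
# of prefixes is an assumption based on the lines shown in the log.
_COMPANY_TYPES = ("DRV ", "O2 ", "O3 ", "O4 ", "O9 ", "O20 ", "O28 ", "FF ")
_EMPTY_COMPANY = re.compile(r"\(\)(?:\s|$)")
# Anything outside printable ASCII: control bytes, NBSP, or mis-encoded text.
_NON_PRINTABLE = re.compile(r"[^\x20-\x7e]")

# OTL shorthand for the legacy F3 persistence values -> full registry key.
_F3_KEYS = {
    "HKCU WinNT": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    "HKLM WinNT": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for a suspicious OTL line, or None if nothing stands out."""
    reasons = []
    # A registry entry that points at a file which no longer exists on disk.
    if "File not found" in line:
        reasons.append("target file not found")
    # A driver/module with no company string in its version resource.
    if line.startswith(_COMPANY_TYPES) and _EMPTY_COMPANY.search(line):
        reasons.append("no company name")
    # An AutoRun command recorded for a removable drive letter.
    if line.startswith("O33 ") and "\\Shell\\AutoRun\\command" in line:
        reasons.append("removable-media autorun command")
    # Control or non-ASCII bytes anywhere in the entry.
    if _NON_PRINTABLE.search(line):
        reasons.append("non-printable characters")
    return Finding(line, reasons) if reasons else None


def triage(lines):
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def f3_registry_target(line: str):
    """Map an F3 line to (full key, value name) so the entry can be checked
    directly, e.g. with reg query, before and after a fix."""
    m = re.match(r"F3 - (HK\w+ WinNT): (\w+) -", line)
    if not m or m.group(1) not in _F3_KEYS:
        return None
    return _F3_KEYS[m.group(1)], m.group(2)


# Sample lines copied from the log above, plus one constructed line (marked)
# that carries control bytes to exercise the non-printable check.
SAMPLE_LOG = [
    "DRV - [2010/12/18 07:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\speedfan.sys -- (speedfan)",
    "DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\giveio.sys -- (giveio)",
    "O4 - HKLM..\\Run: [MSC] c:\\Program Files\\Microsoft Security Client\\msseces.exe (Microsoft Corporation)",
    "F3 - HKCU WinNT: Load - () - File not found",
    "F3 - HKCU WinNT: Run - () - File not found",
    "O30 - LSA: Authentication Packages - (ows\\s) - File not found",
    "O33 - MountPoints2\\{46886361-e8bd-11de-8ad1-00038a000015}\\Shell\\AutoRun\\command - \"\" = I:\\LaunchU3.exe",
    "F3 - HKCU WinNT: Run - \x01\x02\xa0 - File not found",  # constructed, not from the log
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{', '.join(f.reasons):45s} {f.line[:70]}")
```

Run stand-alone it prints the flagged lines with their reasons. An empty company name on its own proves nothing (giveio.sys and livecamv.sys in the log are old unsigned utilities, not malware), which is why the output is a worklist for a human, not a fix script. The F3 mapping is what lets you confirm a fix took: query the Load and Run values under that key before and after running OTL's fix and compare.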

#5 RKinner (Malware Expert)
Got rid of some of them. One more time:

Copy the text between the stars by highlighting and Ctrl + c

**********

:processes
killallprocesses

:OTL
F3 - HKCU WinNT: Load - () - File not found
F3 - HKCU WinNT: Run - () - File not found

:Commands
[Reboot]

******
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Ron

#6 njlock (Topic Starter)
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7212

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/20/2011 1:34:15 PM
mbam-log-2011-07-20 (13-34-15).txt

Scan type: Quick scan
Objects scanned: 191695
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 njlock (Topic Starter)
As you can see, I got as far as Malwarebytes, and after this post I am going to start the ComboFix.

I redid the OTL as per your instructions, and I don't think it took; I'm getting the same (but fewer than before) odd-character error messages.

Thanks a LOT, btw! I appreciate your help immensely; I plan to donate as soon as I get a chance.


========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load: deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run: deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 07202011_134436

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall Spybot S&D. It sometimes fights us when we try to make registry changes. Then try the last OTL script again.

Ron
  • 0

#9
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
OK, did this; I don't think it took?

Do you want me to proceed with ComboFix?

Thanks again.


========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load: deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run: deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 07202011_141505

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Yes, please go on.
  • 0

#11
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
ComboFix 11-07-20.02 - DAVID CREIGHTON 07/20/2011 14:39:53.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2580 [GMT -4:00]
Running from: c:\documents and settings\DAVID CREIGHTON\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt
c:\documents and settings\DAVID CREIGHTON\Application Data\Microsoft\Internet Explorer\Desktop.htt
c:\documents and settings\DAVID CREIGHTON\g2mdlhlpx.exe
c:\documents and settings\DAVID CREIGHTON\WINDOWS
c:\windows\ST6UNST.000
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-20 17:24 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 17:24 . 2011-07-20 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 17:24 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 16:55 . 2011-07-20 16:55 -------- d-----w- C:\_OTL
2011-07-20 15:28 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DDFAA52-5F13-41A7-BB8A-E9D7D9B7AE25}\mpengine.dll
2011-07-18 12:51 . 2011-07-18 12:51 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-23 16:30 . 2011-06-23 16:30 10920 ----a-w- C:\aolconnfix.exe
2011-06-22 14:31 . 2011-06-22 14:32 -------- d-----r- C:\ZedBULLfromjim62011
2011-06-21 12:33 . 2011-06-21 12:34 -------- d-----w- C:\lishi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 12:39 . 2011-06-15 12:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2011-02-12 19:34 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 14:02 . 2004-08-11 21:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 08:52 . 2011-03-23 17:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2008-09-25 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2004-08-11 21:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-11 21:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-11 21:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-11 21:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-08-11 21:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-11 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-11 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-11 21:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-03 14:25 . 2010-12-03 14:25 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2007-07-16 16132608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-3 9163464]
.
c:\documents and settings\DAVID CREIGHTON\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" -b
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"cdloader"="c:\documents and settings\DAVID CREIGHTON\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
"Aim"="c:\program files\AIM\aim.exe" /d locale=en-US
"EssentialFax"="c:\program files\EssentialFax\essfax.exe"
"Google Update"="c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"OEM05Mon.exe"=c:\windows\OEM05Mon.exe
"PMX Daemon"=ICO.EXE
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"HostManager"="c:\program files\Common Files\AOL\1214860790\ee\AOLSoftware.exe"
"RKS Fax Print Controller"="c:\program files\RKS Fax\rksfax_control.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Essential Fax Print Controller"="c:\program files\EssentialFax\essfaxcontrol.exe"
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe"
"KernelFaultCheck"="%systemroot%\system32\dumprep" 0 -k
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"CMS"="c:\program files\CMS\EXE\Open.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1214860790\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kaba\\E-Plex PC M-Unit\\EplexPCMU.exe"=
"c:\\Documents and Settings\\DAVID CREIGHTON\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\DAVID CREIGHTON\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30630:TCP"= 30630:TCP:InstaCode
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 8:32 AM 15328]
R2 ICDataService;IC Data Server;c:\program files\WH Software\IC\Bin\ICSvr.exe [3/26/2010 6:48 AM 1185592]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2011 1:24 PM 366640]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [11/23/2010 6:13 PM 1483072]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/5/2009 10:18 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2011 1:24 PM 22712]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [6/17/2008 3:01 AM 31616]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2010 11:51 AM 135664]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [4/8/2011 12:45 PM 29292]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2010 11:51 AM 135664]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [6/17/2008 2:40 AM 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [6/17/2008 2:40 AM 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [6/17/2008 2:40 AM 235616]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [8/6/2008 11:34 AM 216032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 15:51]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 15:51]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005Core.job
- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-21 17:11]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005UA.job
- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-21 17:11]
.
2011-07-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-07-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google....l/?shva=1#inbox
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
Trusted Zone: discovercard.com\www
Trusted Zone: google.com\mail
Trusted Zone: keylessride.com\www
Trusted Zone: keypro.info\www
Trusted Zone: tnlconnect.com\www
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.1.102:100/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.1.102:100/VideoViewer.cab
DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-TrueCrypt - J:\TrueCrypt Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-20 14:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,31,1e,2e,eb,43,04,47,99,52,41,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,31,1e,2e,eb,43,04,47,99,52,41,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-07-20 14:47:59
ComboFix-quarantined-files.txt 2011-07-20 18:47
ComboFix2.txt 2008-09-24 14:16
.
Pre-Run: 256,773,124,096 bytes free
Post-Run: 257,126,834,176 bytes free
.
- - End Of File - - 76156940EA67CFE4E7C0CB5A683CDC93
  • 0
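The "Reg Loading Points" section of the ComboFix log above is what the helper reads to judge the machine: the `Run` keys hold programs that start at logon, and the `run-` keys hold the entries msconfig has disabled (the ones later described as "turned off anyway"). As an added example, not part of the post and not ComboFix's own code, the script below parses those value lines and sorts each program by where its binary lives, since a startup item under a user profile or given as a bare file name is what an analyst looks at first. The sample is excerpted verbatim from the log in this post; the function names and the location buckets are assumptions of the example, and the location test is a heuristic, not a verdict (the expert queried `CMS\EXE\Open.exe` because it is unrecognised, which no path rule can tell you).

```python
r"""Triage the Run / run- entries in a ComboFix "Reg Loading Points" section.

Added example, not part of the original post and not ComboFix's own code.
ComboFix prints each value as  "name"="path" [date size]  or, for the
disabled run- keys, without the stamp and with any arguments after the path.
"""
import re

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|(\S+))(.*)$')
STAMP_RE = re.compile(r"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]\s*$")

# Excerpt of the log in the post (constructed sample for this example).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"cdloader"="c:\documents and settings\DAVID CREIGHTON\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PMX Daemon"=ICO.EXE
"KernelFaultCheck"="%systemroot%\system32\dumprep" 0 -k
"CMS"="c:\program files\CMS\EXE\Open.exe"
"""


def classify_location(path):
    """Bucket a program path by the directory tree it lives in."""
    p = path.lower()
    if "\\" not in p:
        return "bare-name"        # found through the PATH search at logon
    if "\\documents and settings\\" in p or "\\users\\" in p:
        return "user-profile"     # user-writable: no admin rights needed to plant
    if "\\program files" in p or "progra~" in p:
        return "program-files"
    if "\\windows\\" in p or p.startswith(("%systemroot%", "%windir%")):
        return "windows"
    return "other"


def parse_loading_points(text):
    """Return one dict per value found under a Run or run- key."""
    entries = []
    key = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or key.rsplit("\\", 1)[-1].lower() not in ("run", "run-"):
            continue              # other sections use different line formats
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, quoted, bare, rest = m.groups()
        path = quoted if quoted is not None else bare
        stamp = STAMP_RE.search(rest)
        entries.append({
            "hive": key.split("\\")[0],
            "enabled": not key.endswith("-"),   # run- keys are the disabled set
            "name": name,
            "path": path,
            "args": STAMP_RE.sub("", rest).strip(),
            "date": stamp.group(1) if stamp else None,
            "size": int(stamp.group(2)) if stamp else None,
            "location": classify_location(path),
        })
    return entries


def flag_for_review(entries):
    """Entries outside Program Files / Windows, as (name, location, enabled)."""
    return [(e["name"], e["location"], e["enabled"])
            for e in entries
            if e["location"] not in ("program-files", "windows")]


if __name__ == "__main__":
    for name, location, enabled in flag_for_review(parse_loading_points(SAMPLE_LOG)):
        print(f"{name:20} {location:14} {'enabled' if enabled else 'disabled'}")
```

On this excerpt the two flagged items are both under `run-`, i.e. already disabled, which matches the helper's reading of the log; the same parser can be pointed at a full ComboFix log to list what is still enabled before deciding what to fix.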

#12
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-20 14:52:09
-----------------------------
14:52:09.578 OS Version: Windows 5.1.2600 Service Pack 3
14:52:09.578 Number of processors: 4 586 0xF0B
14:52:09.578 ComputerName: BOSSSILVERDELL UserName:
14:52:10.546 Initialize success
14:52:27.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:52:27.234 Disk 0 Vendor: WDC_WD5000AAKS-75A7B0 01.03B01 Size: 476940MB BusType: 3
14:52:27.265 Disk 0 MBR read successfully
14:52:27.265 Disk 0 MBR scan
14:52:27.265 Disk 0 unknown MBR code
14:52:27.265 Disk 0 scanning sectors +976768065
14:52:27.359 Disk 0 scanning C:\WINDOWS\system32\drivers
14:52:34.531 Service scanning
14:52:35.515 Disk 0 trace - called modules:
14:52:35.531 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:52:35.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b273ab8]
14:52:35.531 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8b25ce98]
14:52:35.531 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b267940]
14:52:35.531 Scan finished successfully
14:53:01.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DAVID CREIGHTON\Desktop\MBR.dat"
14:53:01.718 The log file has been saved successfully to "C:\Documents and Settings\DAVID CREIGHTON\Desktop\aswMBR.txt"
  • 0

#13
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
The fix button was not highlighted/selectable.
I think I've done all you've asked.

Thanks again
  • 0

#14
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
I did OTL again, and I believe it took this time.

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 07202011_145538

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Good. Your logs look clean with the possible exception of

"CMS"="c:\program files\CMS\EXE\Open.exe"

which has been turned off anyway. Do you know what this is?

Did you ever get an Extras file when you ran OTL? If so, please post it. If not:
Run OTL (Vista or Win 7 => right-click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0
