Computer constantly being attacked


#1
intass123
Member, 12 posts

Hi Forum,

This is my first post here. I sincerely would appreciate any advice or help.

My Norton AntiVirus software has been blocking and quarantining attacks to my computer for several months now. The scale of the attacks in terms of quantity has escalated since May 2011 and this weekend July 2011 the number of attacks reached an unprecedented level.

I went to the "Norton Antivirus Forum Board Community" yesterday and the members of the community were very friendly. At their suggestion, I ran a recommended piece of software, the "Norton Power Eraser", to check whether a malicious rootkit was indeed on my computer. The scan worked fine and isolated a possible problem, but the "fix" resulted in an error message. This leads me to believe my computer is indeed infected by malware.

I will try to post jpegs of screenshots if possible to this thread.

Thanks in advance for any help.

Dan

______________

OTL logfile created on: 7/19/2011 7:35:47 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\lordbyroniv\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.02% Memory free
6.19 Gb Paging File | 4.34 Gb Available in Paging File | 70.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.18 Gb Total Space | 192.33 Gb Free Space | 67.44% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.01 Gb Free Space | 15.61% Space Free | Partition Type: NTFS

Computer Name: PATRICIACOMPU | User Name: lordbyroniv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/19 19:25:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/01/23 10:18:01 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/07 16:30:26 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2008/10/07 16:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008/09/26 06:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 22:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/24 22:08:26 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/09/23 15:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/09/11 07:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008/09/11 07:50:38 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008/03/17 10:31:40 | 001,331,200 | ---- | M] (ChangeRequest.com) -- C:\Program Files\ChangeRequest\ChangeRequest Screenshot Tool\ScreenCap.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/11 16:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/19 19:25:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
MOD - [2011/06/15 09:26:03 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011/06/15 09:26:03 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\asOEHook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 17:24:34 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/09/24 22:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/09/24 22:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/11 07:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/11 16:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/07/07 17:01:40 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110716.031\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/02 16:28:34 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110719.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/02 16:28:33 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110719.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/19 15:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/12 17:30:13 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/12 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 20:30:38 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/09/26 06:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/13 03:13:00 | 007,391,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/11 07:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/08/28 19:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/05 23:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/22 11:42:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/21 06:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/28 21:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/03/27 16:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 16:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 20:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {BFF829B6-B433-42CE-9A19-E459D3E4E483}:3.6.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
FF - prefs.js..extensions.enabledItems: {f1e6d946-6b44-4f3a-8c4b-e497675c8e17}:1.0.25
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...93&searchterm="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\lordbyroniv\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/07/07 05:29:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2011/07/19 15:50:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 17:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 17:57:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BFF829B6-B433-42CE-9A19-E459D3E4E483}: C:\Users\lordbyroniv\AppData\Roaming\My.Freeze.com NetAssistant\ [2010/05/19 14:34:11 | 000,000,000 | ---D | M]

[2009/05/17 21:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Extensions
[2011/07/19 12:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions
[2009/09/07 22:06:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/02 11:50:16 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/02 11:50:14 | 000,000,000 | ---D | M] (ShopToWin16) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}
[2011/07/16 11:16:43 | 000,000,000 | ---D | M] (SEO Status PageRank/Alexa Toolbar) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions\seostatus@rubyweb
[2011/07/02 11:50:16 | 000,002,264 | ---- | M] () -- C:\Users\lordbyroniv\AppData\Roaming\Mozilla\Firefox\Profiles\9dy0g3ib.default\searchplugins\bing-zugo.xml
[2011/07/19 12:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/12 23:04:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/07/19 15:50:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_0_8
[2011/07/07 05:29:44 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2010/05/19 14:34:11 | 000,000,000 | ---D | M] (My.Freeze.com NetAssistant) -- C:\USERS\LORDBYRONIV\APPDATA\ROAMING\MY.FREEZE.COM NETASSISTANT
[2009/03/31 23:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2010/02/15 18:50:42 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dmadmin.exe] File not found
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [gpresult.exe] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\lordbyroniv\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\lordbyroniv\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7aa6baa1-1fc9-11de-993d-002186df3869}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa6baa1-1fc9-11de-993d-002186df3869}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 19:25:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
[2011/07/19 16:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arca Solutions
[2011/07/18 22:08:41 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\AppData\Local\NPE
[2011/07/18 22:08:21 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Users\lordbyroniv\Desktop\NPE.exe
[2011/07/02 17:52:30 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Desktop\Adobe Acrobat X
[2011/07/02 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Adobe Photoshop CS5.1
[2011/07/02 16:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Photoshop
[2011/07/02 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\.thumbnails
[2011/07/02 11:51:09 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Documents\gegl-0.0
[2011/07/02 11:51:09 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\.gimp-2.6
[2011/07/02 11:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/07/02 11:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/07/02 11:14:35 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/01 18:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/07/01 18:07:47 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Adobe Illustrator CS5.1
[2011/07/01 17:57:58 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/01 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/06/23 17:47:39 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Desktop\LOGOS
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/19 19:25:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
[2011/07/19 17:49:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 17:49:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 16:29:46 | 000,148,694 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\HomePage MockUp Screenshot.jpg
[2011/07/19 16:27:11 | 000,002,031 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Screencapture Tool.lnk
[2011/07/19 15:55:21 | 000,651,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/19 15:55:21 | 000,121,692 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/19 15:49:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/19 15:49:30 | 3218,034,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/19 14:32:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/07/19 12:25:38 | 000,253,819 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\SHIFTING UP THROUGHOUT WEBSITE.jpg
[2011/07/19 12:07:02 | 000,291,415 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\GRAY BACKGROUND HOMEPAGE.jpg
[2011/07/18 22:16:07 | 000,829,832 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\Info20110718221257.xml
[2011/07/18 22:12:53 | 000,007,592 | ---- | M] () -- C:\Users\lordbyroniv\AppData\Local\d3d9caps.dat
[2011/07/18 22:08:32 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Users\lordbyroniv\Desktop\NPE.exe
[2011/07/18 11:32:53 | 000,094,196 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\GOLD CHART.jpg
[2011/07/16 15:14:45 | 000,020,890 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\Trademark Registration.jpg
[2011/07/14 13:09:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForlordbyroniv.job
[2011/07/14 06:46:03 | 000,075,617 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\High_Quality_Thematic_Link_Building_Proposal.pdf
[2011/07/13 21:10:04 | 000,252,479 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\qaz123456.jpg
[2011/07/13 09:50:31 | 003,742,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/07 23:15:30 | 001,981,957 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\fb_pages_manual.pdf
[2011/07/07 15:55:14 | 000,008,982 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\250x250.gif
[2011/07/07 15:41:03 | 000,003,020 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\AD22.gif
[2011/07/07 14:26:51 | 000,002,081 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\adbanner.jpg
[2011/07/06 20:17:07 | 000,255,537 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\UNITED STATES TRADEMARK REGISTRATIONS TRADEMARK LIST.pdf
[2011/07/05 22:29:52 | 000,083,998 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\KITCO.jpg
[2011/07/04 18:06:50 | 000,242,113 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\tvla.jpg
[2011/07/02 20:26:31 | 000,045,054 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\stock-photo-antique-statue-of-justice-44354326.jpg
[2011/07/02 18:06:00 | 001,421,969 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\123logo-final-GreenBackground.eps
[2011/07/02 16:50:06 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/02 16:48:28 | 002,487,648 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\AdobeDownloadAssistant.exe
[2011/07/02 09:29:50 | 000,002,260 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\la9.jpg
[2011/07/02 09:15:16 | 000,013,033 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\LA1jpg.jpg
[2011/06/30 18:38:57 | 000,131,934 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\legal.com_identity_proposal.pdf
[2011/06/27 23:03:36 | 007,944,105 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\Full History.mcf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/19 16:29:46 | 000,148,694 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\HomePage MockUp Screenshot.jpg
[2011/07/19 16:27:11 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Screencapture Tool.lnk
[2011/07/19 12:25:38 | 000,253,819 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\SHIFTING UP THROUGHOUT WEBSITE.jpg
[2011/07/19 12:07:02 | 000,291,415 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\GRAY BACKGROUND HOMEPAGE.jpg
[2011/07/18 22:16:04 | 000,829,832 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\Info20110718221257.xml
[2011/07/18 11:32:52 | 000,094,196 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\GOLD CHART.jpg
[2011/07/16 15:15:04 | 000,020,890 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\Trademark Registration.jpg
[2011/07/14 06:46:01 | 000,075,617 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\High_Quality_Thematic_Link_Building_Proposal.pdf
[2011/07/13 21:10:03 | 000,252,479 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\qaz123456.jpg
[2011/07/07 23:15:20 | 001,981,957 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\fb_pages_manual.pdf
[2011/07/07 15:47:00 | 000,008,982 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\250x250.gif
[2011/07/07 15:41:26 | 000,003,020 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\AD22.gif
[2011/07/07 15:39:46 | 000,002,081 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\adbanner.jpg
[2011/07/06 20:17:06 | 000,255,537 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\UNITED STATES TRADEMARK REGISTRATIONS TRADEMARK LIST.pdf
[2011/07/05 22:30:29 | 000,083,998 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\KITCO.jpg
[2011/07/04 18:06:50 | 000,242,113 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\tvla.jpg
[2011/07/02 20:26:44 | 000,045,054 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\stock-photo-antique-statue-of-justice-44354326.jpg
[2011/07/02 18:05:56 | 001,421,969 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\123logo-final-GreenBackground.eps
[2011/07/02 17:20:36 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/07/02 17:18:54 | 000,000,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/07/02 17:18:00 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/07/02 17:16:10 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/07/02 17:16:00 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/07/02 16:50:06 | 000,001,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/07/02 16:50:05 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/02 16:48:23 | 002,487,648 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\AdobeDownloadAssistant.exe
[2011/07/02 09:29:50 | 000,002,260 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\la9.jpg
[2011/07/02 09:15:16 | 000,013,033 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\LA1jpg.jpg
[2011/06/30 18:38:52 | 000,131,934 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\legal.com_identity_proposal.pdf
[2011/06/27 23:03:31 | 007,944,105 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\Full History.mcf
[2011/04/12 23:05:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/09 10:09:21 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/09 09:34:35 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\f9t.dat
[2011/01/20 13:26:12 | 000,121,326 | ---- | C] () -- C:\Windows\hpoins15.dat
[2011/01/20 13:26:12 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2011/01/07 18:29:09 | 000,163,161 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/01/07 18:29:09 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010/03/27 23:22:10 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/01/29 17:19:04 | 000,029,521 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/01/29 17:19:04 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/01/29 17:19:03 | 000,020,910 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/01/29 17:19:03 | 000,020,869 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/01/29 17:18:35 | 000,049,152 | ---- | C] () -- C:\Windows\StiRegstEng.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/09/16 17:39:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 17:39:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/08 12:03:34 | 000,023,886 | ---- | C] () -- C:\Users\lordbyroniv\AppData\Local\tmpMRR.JPG
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/19 23:45:31 | 000,006,144 | ---- | C] () -- C:\Users\lordbyroniv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 07:28:51 | 000,007,592 | ---- | C] () -- C:\Users\lordbyroniv\AppData\Local\d3d9caps.dat
[2008/10/21 00:44:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/21 00:05:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/27 09:00:00 | 001,777,664 | ---- | C] () -- C:\Windows\System32\ZHP1600R.DLL
[2007/06/27 09:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGI1600.DLL
[2007/06/27 09:00:00 | 000,352,256 | ---- | C] () -- C:\Windows\System32\zSHP1600.EXE
[2007/06/27 09:00:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\ZHHP1600.EXE
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,742,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,651,210 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,121,692 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/07/02 11:14:35 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/01 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/05/12 22:34:04 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Data Protection
[2011/03/29 19:09:48 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Downloaded Installations
[2009/04/04 11:54:40 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\eFax Messenger
[2011/05/14 17:22:39 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\FileZilla
[2010/02/28 18:31:57 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\GanymedeNet
[2009/04/04 11:34:21 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\j2 Global
[2010/01/29 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Leadertech
[2010/05/19 14:34:11 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\My.Freeze.com NetAssistant
[2011/03/29 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Nitro PDF
[2011/04/09 09:41:00 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Stamps.com Internet Postage
[2010/05/17 11:49:47 | 000,000,000 | -HSD | M] -- C:\Users\lordbyroniv\AppData\Roaming\SystemProc
[2010/05/14 09:03:34 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Tific
[2009/10/06 16:58:43 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\webex
[2011/07/19 14:32:50 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#2
intass123

    Member

  • Topic Starter
  • Member
  • 12 posts
Below are screenshots from when the "Norton Power Eraser" was run.

Attached Thumbnails

  • N1.jpg
  • N2.jpg
  • N3.jpg

  • 0

#3
intass123

    Member

  • Topic Starter
  • Member
  • 12 posts
Below are screenshots of some of the "Security threats" identified by my Norton Antivirus software.

Attached Thumbnails

  • N4.jpg
  • N5.jpg
  • N6.jpg
  • N7.jpg
  • N8.jpg
  • N9.jpg
  • N10.jpg

  • 0

#4
intass123

    Member

  • Topic Starter
  • Member
  • 12 posts
Final Screen Shot

Attached Thumbnails

  • N11.jpg

  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. As you answered yourself, we thought you were being helped.

Anyway, could I take a fresh look at your system please?

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.
  • 0
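
A triage pass over log lines in the OTL format, as an added example that is neither OTL's own code nor the helper's: it parses the bracketed file/process/service/driver entries and the numbered "Oxx" lines and flags the items a helper normally reviews first. SAMPLE_LOG is constructed to mirror the line shapes in the log posted above.

```python
"""Triage helper for OTL log lines.

Added example, not code from OTL, Geeks to Go or the helper in this thread.
It parses the two line shapes OTL emits (bracketed file, process, service and
driver entries, and the HijackThis-style numbered "Oxx" lines) and flags the
entries a helper looks at first.  SAMPLE_LOG is constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "[date time | size | attrs | M/C] (Company) [state] -- path -- (service)"
# The "PRC - " / "MOD - " / "SRV - " / "DRV - " prefix is absent on plain
# file listings such as the "Files Created" and "LOP Check" sections.
FILE_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<mc>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\).*)?$"
)
O_LINE = re.compile(r"^(?P<o>O\d+) - (?P<rest>.*)$")
USER_PROFILE = re.compile(r"^[a-z]:\\users\\", re.I)


@dataclass
class Finding:
    rule: str
    line: str


def parse_file_entry(line: str) -> Optional[dict]:
    """Return the fields of a bracketed OTL entry, or None for other lines."""
    m = FILE_ENTRY.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    return entry


def triage(lines: List[str]) -> List[Finding]:
    """Apply the review rules to each log line and collect what they flag."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        entry = parse_file_entry(line)
        if entry is not None:
            attrs, path = entry["attrs"], entry["path"]
            # A hidden+system directory under a user profile (an "-HSD" entry
            # in AppData\Roaming, say) is unusual for ordinary software.
            if "H" in attrs and "S" in attrs and USER_PROFILE.match(path):
                findings.append(Finding("hidden-system object in user profile", line))
            # Running code with an empty company field: nothing in the binary's
            # version resource names a vendor, so it cannot be whitelisted.
            if entry["kind"] in ("PRC", "SRV", "DRV") and not entry["company"]:
                findings.append(Finding(f"{entry['kind']} without company name", line))
            continue
        m = O_LINE.match(line)
        if m is None:
            continue
        o, rest = m.group("o"), m.group("rest")
        if o == "O4" and rest.endswith("File not found"):
            # Autorun value whose target is gone: a leftover of removed software
            # or of a cleaned infection; inert now, but should be removed.
            findings.append(Finding("orphaned autorun (target missing)", line))
        elif o in ("O2", "O3") and "No CLSID value found" in rest:
            findings.append(Finding("orphaned BHO/toolbar registration", line))
        elif o == "O33" and "AutoRun\\command" in rest:
            # Removable-media AutoRun command remembered under MountPoints2.
            findings.append(Finding("removable-media AutoRun command", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample, modelled on lines in the log above.
SAMPLE_LOG = r"""
PRC - [2011/07/19 19:25:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
SRV - [2011/06/28 17:24:34 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
[2010/05/17 11:49:47 | 000,000,000 | -HSD | M] -- C:\Users\lordbyroniv\AppData\Roaming\SystemProc
[2011/07/05 22:29:52 | 000,083,998 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\KITCO.jpg
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-410420409-2040760954-3098474276-1003..\Run: [dmadmin.exe] File not found
O33 - MountPoints2\{7aa6baa1-1fc9-11de-993d-002186df3869}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

The rules are a starting point for a human reviewer, not a verdict: a missing company name or an AutoRun entry is common on clean machines too, and each flagged line still needs to be checked against what the software on the system is known to install.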

#6
intass123

    Member

  • Topic Starter
  • Member
  • 12 posts
OTL logfile created on: 7/23/2011 11:41:29 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\lordbyroniv\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 34.98% Memory free
6.19 Gb Paging File | 4.19 Gb Available in Paging File | 67.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.18 Gb Total Space | 197.03 Gb Free Space | 69.09% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.01 Gb Free Space | 15.61% Space Free | Partition Type: NTFS

Computer Name: PATRICIACOMPU | User Name: lordbyroniv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/19 19:25:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/01/23 10:18:01 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/07 16:30:26 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2008/10/07 16:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008/09/26 06:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/09/25 22:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/09/25 22:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/24 22:08:26 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 22:08:26 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/09/23 15:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/09/11 07:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008/09/11 07:50:38 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008/03/17 10:31:40 | 001,331,200 | ---- | M] (ChangeRequest.com) -- C:\Program Files\ChangeRequest\ChangeRequest Screenshot Tool\ScreenCap.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/11 16:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/19 19:25:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
MOD - [2011/06/15 09:26:03 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011/06/15 09:26:03 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\asOEHook.dll
MOD - [2011/02/17 02:23:50 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/11 02:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/04/11 02:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/04/11 02:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2008/01/20 22:24:58 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/20 22:24:13 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008/01/20 22:23:53 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 17:24:34 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/09/24 22:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/09/24 22:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/11 07:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/11 16:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/07/07 17:01:40 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110722.031\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/02 16:28:34 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110722.040\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/02 16:28:33 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110722.040\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/19 15:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110701.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/12 17:30:13 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/12 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 20:30:38 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/09/26 06:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/13 03:13:00 | 007,391,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/11 07:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/08/28 19:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/05 23:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/22 11:42:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/21 06:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/28 21:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/03/27 16:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 16:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 20:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-410420409-2040760954-3098474276-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-410420409-2040760954-3098474276-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-410420409-2040760954-3098474276-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-410420409-2040760954-3098474276-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.0
FF - prefs.js..extensions.enabledItems: {f1e6d946-6b44-4f3a-8c4b-e497675c8e17}:1.0.25
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...93&searchterm="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/07/07 05:29:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8 [2011/07/23 09:57:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 17:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 17:57:29 | 000,000,000 | ---D | M]

[2009/05/17 21:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Extensions
[2011/07/21 13:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions
[2009/09/07 22:06:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/02 11:50:16 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/02 11:50:14 | 000,000,000 | ---D | M] (ShopToWin16) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}
[2011/07/16 11:16:43 | 000,000,000 | ---D | M] (SEO Status PageRank/Alexa Toolbar) -- C:\Users\lordbyroniv\AppData\Roaming\mozilla\Firefox\Profiles\9dy0g3ib.default\extensions\seostatus@rubyweb
[2011/07/02 11:50:16 | 000,002,264 | ---- | M] () -- C:\Users\lordbyroniv\AppData\Roaming\Mozilla\Firefox\Profiles\9dy0g3ib.default\searchplugins\bing-zugo.xml
[2011/07/19 12:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/12 23:04:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/07/23 09:57:22 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_0_8
[2011/07/07 05:29:44 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2009/03/31 23:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2010/02/15 18:50:42 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-410420409-2040760954-3098474276-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-410420409-2040760954-3098474276-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-410420409-2040760954-3098474276-1003..\Run: [dmadmin.exe] File not found
O4 - HKU\S-1-5-21-410420409-2040760954-3098474276-1003..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-410420409-2040760954-3098474276-1003..\Run: [gpresult.exe] File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-410420409-2040760954-3098474276-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\lordbyroniv\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\lordbyroniv\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7aa6baa1-1fc9-11de-993d-002186df3869}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa6baa1-1fc9-11de-993d-002186df3869}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 11:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arca Solutions
[2011/07/23 11:28:07 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Desktop\In Progress
[2011/07/21 23:14:00 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\AppData\Roaming\Backslash
[2011/07/21 23:12:32 | 003,329,472 | ---- | C] (Backslash ) -- C:\Users\lordbyroniv\Desktop\MozzLinkPop.exe
[2011/07/20 19:23:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/20 19:15:46 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Desktop\SEO
[2011/07/20 19:08:32 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Desktop\LA WORKING
[2011/07/19 19:25:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
[2011/07/18 22:08:41 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\AppData\Local\NPE
[2011/07/18 22:08:21 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Users\lordbyroniv\Desktop\NPE.exe
[2011/07/02 17:52:30 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Desktop\Adobe Acrobat X
[2011/07/02 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Adobe Photoshop CS5.1
[2011/07/02 16:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Photoshop
[2011/07/02 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\.thumbnails
[2011/07/02 11:51:09 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Documents\gegl-0.0
[2011/07/02 11:51:09 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\.gimp-2.6
[2011/07/02 11:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/07/02 11:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/07/02 11:14:35 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/01 18:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/07/01 18:07:47 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Adobe Illustrator CS5.1
[2011/07/01 17:57:58 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/01 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/06/23 17:47:39 | 000,000,000 | ---D | C] -- C:\Users\lordbyroniv\Desktop\LOGOS
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/23 11:30:17 | 000,001,991 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Screencapture Tool.lnk
[2011/07/23 10:03:28 | 000,651,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/23 10:03:28 | 000,121,692 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/23 09:57:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/23 09:57:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/23 09:57:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/23 09:56:59 | 3215,953,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/22 21:30:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/07/21 23:12:44 | 003,329,472 | ---- | M] (Backslash ) -- C:\Users\lordbyroniv\Desktop\MozzLinkPop.exe
[2011/07/19 19:25:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\lordbyroniv\Desktop\OTL.exe
[2011/07/18 22:12:53 | 000,007,592 | ---- | M] () -- C:\Users\lordbyroniv\AppData\Local\d3d9caps.dat
[2011/07/18 22:08:32 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Users\lordbyroniv\Desktop\NPE.exe
[2011/07/14 13:09:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForlordbyroniv.job
[2011/07/13 09:50:31 | 003,742,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/02 16:50:06 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/02 16:48:28 | 002,487,648 | ---- | M] () -- C:\Users\lordbyroniv\Desktop\AdobeDownloadAssistant.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/23 11:30:17 | 000,001,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Screencapture Tool.lnk
[2011/07/02 17:20:36 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/07/02 17:18:54 | 000,000,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/07/02 17:18:00 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/07/02 17:16:10 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/07/02 17:16:00 | 000,001,340 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/07/02 16:50:06 | 000,001,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/07/02 16:50:05 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/02 16:48:23 | 002,487,648 | ---- | C] () -- C:\Users\lordbyroniv\Desktop\AdobeDownloadAssistant.exe
[2011/04/12 23:05:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/09 10:09:21 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/09 09:34:35 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\f9t.dat
[2011/01/20 13:26:12 | 000,121,326 | ---- | C] () -- C:\Windows\hpoins15.dat
[2011/01/20 13:26:12 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2011/01/07 18:29:09 | 000,163,161 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/01/07 18:29:09 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2010/03/27 23:22:10 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/01/29 17:19:04 | 000,029,521 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/01/29 17:19:04 | 000,000,022 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/01/29 17:19:03 | 000,020,910 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/01/29 17:19:03 | 000,020,869 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/09/16 17:39:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 17:39:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/08 12:03:34 | 000,023,886 | ---- | C] () -- C:\Users\lordbyroniv\AppData\Local\tmpMRR.JPG
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/19 23:45:31 | 000,006,144 | ---- | C] () -- C:\Users\lordbyroniv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 07:28:51 | 000,007,592 | ---- | C] () -- C:\Users\lordbyroniv\AppData\Local\d3d9caps.dat
[2008/10/21 00:44:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/21 00:05:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/27 09:00:00 | 001,777,664 | ---- | C] () -- C:\Windows\System32\ZHP1600R.DLL
[2007/06/27 09:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGI1600.DLL
[2007/06/27 09:00:00 | 000,352,256 | ---- | C] () -- C:\Windows\System32\zSHP1600.EXE
[2007/06/27 09:00:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\ZHHP1600.EXE
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,742,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,651,210 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,121,692 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/07/21 23:14:00 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Backslash
[2011/07/02 11:14:35 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/01 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/05/12 22:34:04 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Data Protection
[2011/03/29 19:09:48 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Downloaded Installations
[2009/04/04 11:54:40 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\eFax Messenger
[2011/05/14 17:22:39 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\FileZilla
[2010/02/28 18:31:57 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\GanymedeNet
[2009/04/04 11:34:21 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\j2 Global
[2010/01/29 17:21:51 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Leadertech
[2011/03/29 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Nitro PDF
[2011/04/09 09:41:00 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Stamps.com Internet Postage
[2010/05/17 11:49:47 | 000,000,000 | -HSD | M] -- C:\Users\lordbyroniv\AppData\Roaming\SystemProc
[2010/05/14 09:03:34 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\Tific
[2009/10/06 16:58:43 | 000,000,000 | ---D | M] -- C:\Users\lordbyroniv\AppData\Roaming\webex
[2011/07/22 21:30:32 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/23 17:57:28 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/23 17:57:28 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/23 17:57:28 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/23 17:57:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/23 17:57:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/23 17:57:27 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< >

< End of report >

#7
intass123 (Member, Topic Starter, 12 posts)

There is no Extras.Txt that opened up. I ran the OTL twice, and both times I only received the single OTL.TXT file posted above.

Edited by intass123, 23 July 2011 - 10:01 AM.


#8
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

You will only get one after the first run.

Let's see what aswMBR reveals next.

#9
intass123 (Member, Topic Starter, 12 posts)

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-23 11:55:34
-----------------------------
11:55:34.769 OS Version: Windows 6.0.6002 Service Pack 2
11:55:34.769 Number of processors: 2 586 0x1706
11:55:34.770 ComputerName: PATRICIACOMPU UserName: lordbyroniv
11:55:36.421 Initialize success
11:55:41.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:55:41.921 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
11:55:41.931 Disk 0 MBR read successfully
11:55:41.939 Disk 0 MBR scan
11:55:41.944 Disk 0 unknown MBR code
11:55:41.953 Disk 0 scanning sectors +625135616
11:55:42.014 Disk 0 scanning C:\Windows\system32\drivers
11:55:48.403 Service scanning
11:55:50.056 Modules scanning
11:55:58.233 Disk 0 trace - called modules:
11:55:58.243
11:55:58.246 Scan finished successfully
11:57:40.492 Disk 0 MBR has been saved successfully to "C:\Users\lordbyroniv\Desktop\MBR.dat"
11:57:40.494 The log file has been saved successfully to "C:\Users\lordbyroniv\Desktop\aswMBR.txt"

#10
intass123 (Member, Topic Starter, 12 posts)

>>You will only get one after the first run

Let's see what aswMBR reveals next <<

I did not receive the extra.txt for either run.

Thank you sincerely for your help.

aswMBR txt file posted above

Edited by intass123, 23 July 2011 - 10:00 AM.


#11
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Do you have a security key that you need to access the internet via the router (i.e. a WEP key)?

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe and follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#12
intass123 (Member, Topic Starter, 12 posts)

ComboFix 11-07-23.01 - lordbyroniv 07/23/2011 12:18:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.1753 [GMT -4:00]
Running from: c:\users\lordbyroniv\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
c:\users\lordbyroniv\AppData\Roaming\SystemProc
c:\users\lordbyroniv\Desktop\Setup.exe
c:\users\Public\AdobeDownloadAssistant.exe
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-23 16:27 . 2011-07-23 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-22 03:14 . 2011-07-22 03:14 -------- d-----w- c:\users\lordbyroniv\AppData\Roaming\Backslash
2011-07-19 02:08 . 2011-07-19 02:24 -------- d-----w- c:\users\lordbyroniv\AppData\Local\NPE
2011-07-13 01:55 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 01:55 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 01:55 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 01:55 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 01:55 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-02 20:51 . 2011-07-02 21:07 -------- d-----w- c:\users\lordbyroniv\Adobe Photoshop CS5.1
2011-07-02 20:49 . 2011-07-02 20:50 -------- d-----w- c:\program files\Photoshop
2011-07-02 20:39 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-02 15:57 . 2011-07-02 15:57 -------- d-----w- c:\users\lordbyroniv\.thumbnails
2011-07-02 15:51 . 2011-07-02 15:58 -------- d-----w- c:\users\lordbyroniv\.gimp-2.6
2011-07-02 15:50 . 2011-07-02 20:24 -------- d-----w- c:\program files\StartNow Toolbar
2011-07-02 15:50 . 2011-07-02 15:50 -------- d-----w- c:\program files\Object
2011-07-02 15:14 . 2011-07-02 15:14 -------- d-----w- c:\users\lordbyroniv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-01 22:35 . 2011-07-01 22:35 -------- d-----w- c:\programdata\ALM
2011-07-01 22:07 . 2011-07-02 21:10 -------- d-----w- c:\users\lordbyroniv\Adobe Illustrator CS5.1
2011-07-01 21:57 . 2011-07-01 21:57 -------- d-----w- c:\users\lordbyroniv\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-07-01 21:57 . 2011-07-01 21:57 -------- d-----w- c:\program files\Adobe Download Assistant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 06:08 . 2011-06-14 21:15 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-14 21:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-14 21:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-14 21:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 06:04 . 2011-06-14 21:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 05:10 . 2011-06-14 21:15 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-14 21:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-14 21:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-12 21:30 . 2010-05-13 03:29 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-02 17:16 . 2011-06-14 21:15 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-14 21:16 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-14 21:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-14 21:15 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-14 21:15 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-14 21:15 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-01 03:47 . 2009-11-12 13:19 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-13 13584928]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-26 1152296]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-25 206120]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-26 189736]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-13 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Screencapture Tool.lnk - c:\program files\ChangeRequest\ChangeRequest Screenshot Tool\UNWISE.EXE [2011-7-23 164864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\LORDBY~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [2011-05-19 810616]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110722.031\IDSvix86.sys [2011-07-07 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe [2008-06-27 77824]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 19456]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-03-21 68928]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-09-23 365904]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-25 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-25 116096]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-14 c:\windows\Tasks\HPCeeScheduleForlordbyroniv.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-21 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\lordbyroniv\AppData\Roaming\Mozilla\Firefox\Profiles\9dy0g3ib.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - Ext: ShopToWin16: {f1e6d946-6b44-4f3a-8c4b-e497675c8e17} - %profile%\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}
FF - Ext: SEO Status PageRank/Alexa Toolbar: seostatus@rubyweb - %profile%\extensions\seostatus@rubyweb
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_0_8
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
HKLM-Run-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-23 12:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\LORDBY~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-23 12:30:45
ComboFix-quarantined-files.txt 2011-07-23 16:30
.
Pre-Run: 210,527,240,192 bytes free
Post-Run: 210,689,765,376 bytes free
.
- - End Of File - - A720DC89984B7F3AEE76104ED33E4C44
  • 0
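The Services/Drivers lines at the top of that log (the S2/S3 entries) are what a helper reads by hand when checking for persistence. As an added example, not part of the thread and not ComboFix's own code, here is a small Python triage that parses those lines and flags the two cases a reviewer usually looks at first: a binary living under a user or Temp directory, and a service hosted in svchost.exe, whose real code is the ServiceDll named under the svchost registry group rather than svchost.exe itself. Three sample entries are copied from the log above; the fourth ("demo") is constructed only to exercise the path check.

```python
import re
from dataclasses import dataclass

# Constructed sample in the "Services/Drivers" line format of the ComboFix log
# above; the last line is a made-up entry added only to exercise the path check
# (added example code, not the forum's or ComboFix's own).
SAMPLE_LOG = r"""
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
R2 demo;Constructed demo entry;c:\users\someone\AppData\Local\Temp\upd.exe [2011-07-20 40960]
"""

# Per line: R/S (running/stopped), start-type digit, name, display, path, [date size]
LINE_RE = re.compile(
    r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]\s*$")
SUSPECT_ROOTS = ("c:\\users\\", "c:\\documents and settings\\")

@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image_path: str
    file_date: str
    size: int

def parse_services(text: str) -> list[ServiceEntry]:
    """Parse every well-formed service/driver line; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            status, start, name, display, path, date, size = m.groups()
            entries.append(ServiceEntry(status == "R", int(start), name,
                                        display, path, date, int(size)))
    return entries

def triage(entries: list[ServiceEntry]) -> list[tuple[str, str]]:
    """Return (service name, reason) for entries worth a second look."""
    findings = []
    for e in entries:
        p = e.image_path.lower()
        if p.startswith(SUSPECT_ROOTS) or "\\temp\\" in p:
            findings.append((e.name, "binary in a user/temp directory"))
        elif p.endswith("\\svchost.exe"):
            # Real code is the ServiceDll under the svchost registry group.
            findings.append((e.name, "hosted in svchost.exe; check ServiceDll"))
    return findings
```

Run it on a full log and the svchost-hosted entries can be cross-checked against the [svchost] registry block the same log prints further down.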

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see no sign of malware there; are you still getting the alerts?
  • 0

#14
intass123

intass123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
No, we have not received an alert since Sunday night.

As we indicated in the original post - we have been having these "attacks" blocked and quarantined by Norton for a few months now - but the attacks are sporadic.

If there is no malware installed on my computer, do you have any advice as to how we can prevent these attacks on my computer?

Perhaps we should change service providers?

Any advice is appreciated

Dan

Edited by intass123, 23 July 2011 - 09:04 PM.

  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The first thing to do, I feel, is to ensure that you are on a secured network; this will stop anyone accessing your router, and through that your system.



Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall; it needs to be there.
  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe :unsure:
  • 0