Need help getting rid of virus in quarantine.


  • This topic is locked

#1
Chasm

    New Member

  • 7 posts
On Friday I downloaded Speakonia and it gave me a virus, but I had already left to go somewhere else for the weekend and when I came back home yesterday I found out that I had gotten a bunch of viruses. I deleted that application right away. The viruses had been caught by my firewall Comodo and quarantined over the weekend, but I came back home to find out that it had quarantined around 130 trojan horse, packed.generic, Securitytoolfraud, and other viruses with these names. I thought that disconnecting the network would stop this from multiplying but it hasn't. I've done a full scan on my computer and gotten rid of a few that way. I'm on a Windows Vista, and I have plenty of security applications installed like Avast, Comodo, Malwarebytes' Anti-malware, Symantec Antivirus (doing a lot of work right now, with the many quarantined viruses), and Peerblock. With all of these things, I still can't delete/remove the viruses in the quarantine. When I turned my computer off and back on this morning the viruses stopped coming up every five minutes, or multiplying, or doing whatever it was doing. However, there are still a ton of them in quarantine and I don't know how to get rid of them, because it isn't allowing removal or deletion of these viruses. Anybody know what I should do, what steps I should take? How do I get this to stop happening, and how do I get rid of all these viruses? I'll post the OTL below, since that's what you all want out of this post.


OTL logfile created on: 7/25/2011 2:30:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Don\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 26.60% Memory free
3.34 Gb Paging File | 2.46 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 89.15 Gb Free Space | 58.13% Space Free | Partition Type: NTFS

Computer Name: COMPUTADORA | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/25 14:29:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\My Documents\Downloads\OTL.exe
PRC - [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/31 20:42:18 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/09 23:17:34 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/03/17 18:27:40 | 000,114,688 | ---- | M] (FrostWire Group) -- C:\Program Files\FrostWire\FrostWire.exe
PRC - [2010/07/06 10:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/09/07 15:24:34 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2006/09/07 15:23:18 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/25 14:29:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\My Documents\Downloads\OTL.exe
MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/07 15:24:34 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/08/25 13:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110722.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/15 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110722.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/16 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/13 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/05/02 20:36:52 | 000,017,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/11/15 16:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/07 15:25:06 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/12/02 18:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/10/27 17:39:10 | 000,078,336 | ---- | M] (Webroot Software (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\SSI.SYS -- (SSI)
DRV - [2004/05/14 00:05:08 | 000,679,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/20 12:03:18 | 000,187,392 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2004/02/03 16:04:08 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2003/11/28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003/08/01 14:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vobid.sys -- (VOBID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ya...522,16897,0,6,0
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: [email protected]:1.03.01
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....type=135963&p="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=135963&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/17 00:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 09:41:42 | 000,000,000 | ---D | M]

[2008/12/26 03:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2011/05/23 00:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions
[2010/09/19 07:00:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/20 07:12:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/07 20:13:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/23 00:42:09 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2009/04/02 11:55:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/06/04 14:44:21 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/30 07:01:15 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\[email protected]
[2009/05/31 21:16:14 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\[email protected]
[2009/05/20 22:23:29 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\[email protected]
[2009/05/21 09:48:16 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\searchplugins\aim-search.xml
[2009/06/04 14:45:04 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\searchplugins\ask.xml
[2011/07/16 10:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/21 02:48:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/08 21:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/16 10:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/02/05 06:45:42 | 000,000,713 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Shop to Win 14) - {8C423C72-F06E-43B3-A3E8-A435FFF9E9E0} - C:\Program Files\Shop to Win 14\Shop to Win 14.dll (Shop To Win, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (FrostWire Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/25 17:13:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6d767770-db06-11dd-9ab5-0019d1234575}\Shell - "" = AutoRun
O33 - MountPoints2\{6d767770-db06-11dd-9ab5-0019d1234575}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6d767770-db06-11dd-9ab5-0019d1234575}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{86689e67-0464-11de-9adf-0019d1234575}\Shell - "" = AutoRun
O33 - MountPoints2\{86689e67-0464-11de-9adf-0019d1234575}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86689e67-0464-11de-9adf-0019d1234575}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{ae8b3390-d593-11dd-9aa9-0019d1234575}\Shell - "" = AutoRun
O33 - MountPoints2\{ae8b3390-d593-11dd-9aa9-0019d1234575}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae8b3390-d593-11dd-9aa9-0019d1234575}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c4b1a036-f0c1-11dd-9ac9-0019d1234575}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b1a036-f0c1-11dd-9ac9-0019d1234575}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4b1a036-f0c1-11dd-9ac9-0019d1234575}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 21:21:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\lhsp
[2011/07/20 21:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2011/07/16 10:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/07/16 10:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2011/07/07 20:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Elluminate
[2011/07/05 11:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Start Menu\Programs\Curse
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[203 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[180 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Don\My Documents\*.tmp files -> C:\Documents and Settings\Don\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/25 14:33:05 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/07/25 14:12:17 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/25 14:12:17 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/25 13:52:12 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1417001333-1004UA.job
[2011/07/25 13:52:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1417001333-1004Core.job
[2011/07/25 13:47:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/25 13:08:52 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 13:08:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 13:08:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 13:07:57 | 1600,012,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/24 03:32:41 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2011/07/19 22:07:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/14 04:53:11 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Google Chrome.lnk
[2011/07/14 04:53:11 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 03:26:38 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 03:04:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 12:07:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/06 09:41:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/05 11:50:34 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Curse Client.appref-ms
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[203 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[180 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\Don\My Documents\*.tmp files -> C:\Documents and Settings\Don\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 11:16:42 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/09/16 03:19:23 | 000,601,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/12 22:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
[2010/03/12 22:55:12 | 000,006,898 | ---- | C] () -- C:\WINDOWS\System32\WORK.DAT
[2009/11/23 18:01:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/10/14 20:59:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\pssetup.cfg
[2009/10/14 20:19:21 | 000,001,161 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2009/04/13 15:13:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/03/07 09:12:48 | 007,996,659 | ---- | C] () -- C:\Program Files\torchat-windows-0.9.9.277.zip
[2009/02/04 04:35:58 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2009/02/04 04:35:53 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2009/02/04 04:35:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2009/02/01 23:02:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/30 23:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IxPb4A0i.exe.a_a
[2009/01/25 21:41:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/25 20:00:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/01/05 18:38:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/12/31 19:50:49 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/29 06:32:18 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/28 20:49:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/26 03:03:06 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/25 18:42:27 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/12/25 18:29:49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/12/25 17:42:11 | 000,079,647 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2008/12/25 17:42:11 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2008/12/25 17:15:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/25 17:11:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/25 12:02:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/25 12:01:13 | 000,136,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/14 00:05:08 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/05/14 00:05:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/02/27 17:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL

========== LOP Check ==========

[2009/05/21 09:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/21 09:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/09/06 16:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/01/13 13:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AV2010
[2009/02/24 18:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/11 18:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoMach
[2009/05/21 09:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/21 06:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 22:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/21 09:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\acccore
[2010/03/23 23:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Atari
[2011/07/15 13:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Audacity
[2008/12/28 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Bioshock
[2011/06/16 10:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\BitTorrent
[2011/05/23 01:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\BitZipper
[2010/05/03 17:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Blender Foundation
[2009/12/09 21:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Blitware
[2009/04/02 10:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/10 00:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\CrystalApp
[2009/06/08 01:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\CrystalSpace
[2010/02/10 20:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Dealio
[2009/07/02 05:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\DNA
[2008/12/30 07:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\dyyno-vlc
[2011/07/07 21:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Elluminate
[2011/05/23 00:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\FCSB000063443
[2011/07/25 14:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\FrostWire
[2009/01/19 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\godzHell
[2009/08/07 03:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Image Zone Express
[2010/02/25 18:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Leadertech
[2009/06/08 03:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\LimeWire
[2011/02/27 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Opera
[2010/12/18 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PlaneShift
[2009/12/10 23:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Planeshift old
[2010/02/13 15:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Planeshift old 0.5
[2010/06/19 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Planeshift old 0.5.3
[2010/11/26 02:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PlaneShift old 0.5.4
[2011/07/17 17:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PriceGong
[2009/04/02 11:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\SumatraPDF
[2009/01/19 16:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\TeamViewer
[2010/12/21 02:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\X-Chat 2
[2011/07/24 03:32:41 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\File Helper.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I see you have two AVs, Norton and Avast. I would recommend that you uninstall one, as they will conflict.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3
    [2011/05/23 00:42:09 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
    [2011/07/16 10:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
    File not found (No name found) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
    O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
    O2 - BHO: (Shop to Win 14) - {8C423C72-F06E-43B3-A3E8-A435FFF9E9E0} - C:\Program Files\Shop to Win 14\Shop to Win 14.dll (Shop To Win, LLC)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2011/07/24 03:32:41 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

FINALLY

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
Chasm

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you for the help! Sorry that I'm a bit late on replying to this. I've been somewhat busy, but now I'm tackling this problem. So I already mentioned that I have downloaded Malwarebytes anti-virus in my first post, but I'm going to make sure that I have the updated version of it. Sorry if this will turn out as a wall of text, but I guess you're used to that? Anyways, I'm not sure if this has gotten rid of all the quarantined viruses, but can you tell me if it has or not? Thanks again.


Here are the results from the OTL quick scan:



OTL logfile created on: 7/27/2011 8:41:10 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Don\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 24.49% Memory free
3.34 Gb Paging File | 2.41 Gb Available in Paging File | 72.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 92.06 Gb Free Space | 60.02% Space Free | Partition Type: NTFS


Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 20:40:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\My Documents\Downloads\OTL (2).exe
PRC - [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/07/05 11:50:19 | 001,708,544 | ---- | M] (Curse) -- C:\Documents and Settings\Don\Local Settings\Apps\2.0\BCHAA3HM.YY7\XWYADN5Q.5H6\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
PRC - [2011/05/31 20:42:18 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/09 23:17:34 | 002,552,648 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/07/06 10:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/09/07 15:24:34 | 000,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2006/09/07 15:23:18 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 20:40:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\My Documents\Downloads\OTL (2).exe
MOD - [2011/05/02 20:36:04 | 000,284,744 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/09 09:38:44 | 001,779,792 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/07 15:24:34 | 000,086,016 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/08/25 13:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110722.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/15 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110722.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/16 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/13 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/07 16:17:56 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/05/02 20:36:54 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/02 20:36:52 | 000,242,472 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/05/02 20:36:52 | 000,017,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2007/11/15 16:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/07 15:25:06 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/12/02 18:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/10/27 17:39:10 | 000,078,336 | ---- | M] (Webroot Software (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\SSI.SYS -- (SSI)
DRV - [2004/05/14 00:05:08 | 000,679,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/20 12:03:18 | 000,187,392 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2004/02/03 16:04:08 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2003/11/28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003/08/01 14:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vobid.sys -- (VOBID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ya...522,16897,0,6,0
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: [email protected]:1.03.01
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....type=135963&p="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=135963&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/17 00:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 09:41:42 | 000,000,000 | ---D | M]

[2008/12/26 03:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2011/05/23 00:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions
[2010/09/19 07:00:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/20 07:12:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/07 20:13:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/02 11:55:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/06/04 14:44:21 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/30 07:01:15 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\[email protected]
[2009/05/31 21:16:14 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\[email protected]
[2009/05/20 22:23:29 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\extensions\[email protected]
[2009/05/21 09:48:16 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\searchplugins\aim-search.xml
[2009/06/04 14:45:04 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\euzn0s2w.default\searchplugins\ask.xml
[2011/07/16 10:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/21 02:48:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/08 21:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/07/27 19:43:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (FrostWire Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/25 17:13:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6d767770-db06-11dd-9ab5-0019d1234575}\Shell - "" = AutoRun
O33 - MountPoints2\{6d767770-db06-11dd-9ab5-0019d1234575}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6d767770-db06-11dd-9ab5-0019d1234575}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{86689e67-0464-11de-9adf-0019d1234575}\Shell - "" = AutoRun
O33 - MountPoints2\{86689e67-0464-11de-9adf-0019d1234575}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86689e67-0464-11de-9adf-0019d1234575}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{ae8b3390-d593-11dd-9aa9-0019d1234575}\Shell - "" = AutoRun
O33 - MountPoints2\{ae8b3390-d593-11dd-9aa9-0019d1234575}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae8b3390-d593-11dd-9aa9-0019d1234575}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c4b1a036-f0c1-11dd-9ac9-0019d1234575}\Shell - "" = AutoRun
O33 - MountPoints2\{c4b1a036-f0c1-11dd-9ac9-0019d1234575}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4b1a036-f0c1-11dd-9ac9-0019d1234575}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 20:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\.frostwire5
[2011/07/27 20:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Start Menu\Programs\FrostWire 5
[2011/07/27 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
[2011/07/27 19:42:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/20 21:21:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\lhsp
[2011/07/20 21:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2011/07/16 10:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/07/16 10:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2011/07/07 20:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Elluminate
[2011/07/05 11:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Start Menu\Programs\Curse
[1 C:\Documents and Settings\Don\My Documents\*.tmp files -> C:\Documents and Settings\Don\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 20:47:04 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 20:47:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/27 20:40:25 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/07/27 20:29:21 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/27 20:29:21 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\FrostWire 5.0.8.lnk
[2011/07/27 20:16:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 20:16:03 | 1600,012,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/27 19:52:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1417001333-1004UA.job
[2011/07/27 19:43:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/27 17:27:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 17:12:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/27 13:52:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1417001333-1004Core.job
[2011/07/26 22:07:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/25 14:12:17 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/25 14:12:17 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/14 04:53:11 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Google Chrome.lnk
[2011/07/14 04:53:11 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/13 03:26:38 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 03:04:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 12:07:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/06 09:41:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/05 11:50:34 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Curse Client.appref-ms
[1 C:\Documents and Settings\Don\My Documents\*.tmp files -> C:\Documents and Settings\Don\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 20:29:21 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.0.8.lnk
[2011/07/27 20:29:20 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\FrostWire 5.0.8.lnk
[2011/06/15 11:16:42 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/09/16 03:19:23 | 000,601,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/12 22:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
[2010/03/12 22:55:12 | 000,006,898 | ---- | C] () -- C:\WINDOWS\System32\WORK.DAT
[2009/11/23 18:01:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/10/14 20:59:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\pssetup.cfg
[2009/10/14 20:19:21 | 000,001,161 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2009/04/13 15:13:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/03/07 09:12:48 | 007,996,659 | ---- | C] () -- C:\Program Files\torchat-windows-0.9.9.277.zip
[2009/02/04 04:35:58 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2009/02/04 04:35:53 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2009/02/04 04:35:53 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2009/02/01 23:02:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/30 23:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IxPb4A0i.exe.a_a
[2009/01/25 21:41:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/25 20:00:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/01/05 18:38:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/12/31 19:50:49 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/29 06:32:18 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/28 20:49:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/26 03:03:06 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/25 18:42:27 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/12/25 18:29:49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/12/25 17:42:11 | 000,079,647 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2008/12/25 17:42:11 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2008/12/25 17:15:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/25 17:11:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/25 12:02:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/25 12:01:13 | 000,136,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/14 00:05:08 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/05/14 00:05:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/02/27 17:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL

========== LOP Check ==========

[2009/05/21 09:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/21 09:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/09/06 16:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/01/13 13:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AV2010
[2009/02/24 18:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/11 18:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoMach
[2009/05/21 09:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/21 06:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/24 22:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/21 09:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\acccore
[2010/03/23 23:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Atari
[2011/07/15 13:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Audacity
[2008/12/28 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Bioshock
[2011/06/16 10:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\BitTorrent
[2011/05/23 01:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\BitZipper
[2010/05/03 17:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Blender Foundation
[2009/12/09 21:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Blitware
[2009/04/02 10:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/10 00:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\CrystalApp
[2009/06/08 01:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\CrystalSpace
[2010/02/10 20:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Dealio
[2009/07/02 05:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\DNA
[2008/12/30 07:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\dyyno-vlc
[2011/07/07 21:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Elluminate
[2011/05/23 00:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\FCSB000063443
[2011/07/27 20:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\FrostWire
[2009/01/19 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\godzHell
[2009/08/07 03:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Image Zone Express
[2010/02/25 18:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Leadertech
[2009/06/08 03:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\LimeWire
[2011/02/27 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Opera
[2010/12/18 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PlaneShift
[2009/12/10 23:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Planeshift old
[2010/02/13 15:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Planeshift old 0.5
[2010/06/19 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Planeshift old 0.5.3
[2010/11/26 02:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PlaneShift old 0.5.4
[2011/07/17 17:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PriceGong
[2009/04/02 11:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\SumatraPDF
[2009/01/19 16:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\TeamViewer
[2010/12/21 02:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\X-Chat 2

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 523 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >


Here are the logs from the aswMBR:


aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-27 20:57:27
-----------------------------
20:57:27.750 OS Version: Windows 5.1.2600 Service Pack 3
20:57:27.750 Number of processors: 2 586 0x605
20:57:33.140 Initialize success
20:58:06.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:58:06.593 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OA70A Size: 157066MB BusType: 3
20:58:06.593 Disk 0 MBR read successfully
20:58:06.593 Disk 0 MBR scan
20:58:06.593 Disk 0 Windows XP default MBR code
20:58:06.609 Disk 0 scanning sectors +321653430
20:58:06.656 Disk 0 scanning C:\WINDOWS\system32\drivers
20:58:13.015 Service scanning
20:58:14.406 Modules scanning
20:58:20.828 Disk 0 trace - called modules:
20:58:20.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:58:20.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89a3bab8]
20:58:20.843 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x89a53798]
20:58:20.843 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x89a61b00]
20:58:20.843 Scan finished successfully

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
To remove items from Norton quarantine please follow the steps on this page

What are your current problems?

#5
Chasm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Is Norton "Symantec Antivirus"? If so, how do I check which version I have? You said that I have Norton installed, but I cannot find it anywhere on my computer. I've had fewer problems lately, but ever since this happened it takes about fifteen minutes to wait for the black screen to go away when I start my computer and another five or ten minutes for another screen to load. This has never happened before.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is your current antivirus - as I can see all the drivers for Symantec/Norton but none for another AV

#7
Chasm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I don't have anything other than Symantec/Norton, since I took Avast off the computer. I guess it would be my only antivirus unless you consider Malwarebytes to be an antivirus?

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah OK I thought you were removing Norton


What are your current problems?

#9
Chasm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I think running the OTL helped get rid of the viruses. Though my computer is still taking a long time to load when I start it, and this happened after I had the virus attack get quarantined.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's have a little tidy up - let me know if this helps with the speed

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

THEN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

#11
Chasm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hey, I updated my Symantec virus software and this whole thing started over again. Virus every three to ten seconds. Looks like I'll have to run the OTL all over again and try to delete certain files. I'll do what you've just told me to do after I do that. Or should I do something else?

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is Norton reporting?

#13
Chasm

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
It's reporting that viruses are being caught one after the other, but when I did the quick scan and the full scan it found nothing. It is the same virus (a trojan) over and over. It's worsening now, and I cannot get onto the internet without the computer freezing. Comodo also comes up with the disinfect, quarantine, or ignore options for this virus every two seconds. Is there any way I can get rid of this virus?

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's check the drivers and other stuff out. What is the file name that Norton is reporting?

Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.