XP Internet Security 2012



#1 cootman
Member, 11 posts
I was infected with XP Internet Security 2012, which ran a scan, said I had a number of viruses/malware, etc., and told me to purchase the software. I did not, but any time I would try to open IE or Firefox I would get the message. I looked up info on it and changed the date on the computer to 7 days later. This resolved the problem, but left me wondering: is it still on my computer, and will it rear its head in the future?

I run Windows XP.

After I changed the date I ran Malwarebytes Anti-Malware. It removed 3 things. I do not know if that took care of it.

Thank you
Brent

OTL:
OTL logfile created on: 8/8/2011 3:32:41 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Brent Faulkner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.33 Mb Total Physical Memory | 429.77 Mb Available Physical Memory | 42.00% Memory free
1.47 Gb Paging File | 1.01 Gb Available in Paging File | 68.84% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 1.15 Gb Free Space | 4.12% Space Free | Partition Type: NTFS

Computer Name: COOTMANLAPTOP | User Name: Brent Faulkner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/08 15:32:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brent Faulkner\My Documents\Downloads\OTL.exe
PRC - [2011/08/01 12:33:39 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/07/12 02:47:29 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/06/23 07:36:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/24 09:21:41 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 08:43:33 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/16 07:51:50 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/16 07:51:24 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/16 07:51:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/08 15:32:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brent Faulkner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/16 07:51:24 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/05 21:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/29 20:41:48 | 000,015,872 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ClearPATH\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/08/01 12:33:33 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/16 07:51:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/16 07:51:13 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/05 21:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/01/06 18:21:00 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/12/09 09:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/13 21:40:00 | 000,709,248 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/10/20 11:28:18 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/10/20 10:59:08 | 000,011,861 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) WPA Security Protocol (IEEE 802.1x)
DRV - [2008/07/31 03:04:20 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_610_13437.sys -- (NEOFLTR_610_13437) Juniper Networks TDI Filter Driver (NEOFLTR_610_13437)
DRV - [2008/01/29 20:41:42 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2007/09/06 15:53:12 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/04/20 23:30:00 | 000,018,048 | R--- | M] (Linksys) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB200M2.sys -- (USB200M)
DRV - [2004/12/22 20:30:00 | 000,407,360 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/07/29 14:13:32 | 000,587,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginia.rivals.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.virginia.rivals.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.4.113
FF - prefs.js..extensions.enabledItems: [email protected]:2.609.002.003
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071302000002
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20081111
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 09:23:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/08/08 14:52:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 07:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 07:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/28 13:27:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/21 15:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Extensions
[2010/01/21 15:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/19 11:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\4pf2ttgq.default\extensions
[2009/09/03 16:33:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\4pf2ttgq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/14 10:50:40 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\4pf2ttgq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/06/05 14:24:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\4pf2ttgq.default\extensions\[email protected]
[2011/02/18 10:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\4pf2ttgq.default\extensions\[email protected]
[2011/08/08 15:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\psub95xh.Brent\extensions
[2010/04/28 07:35:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\psub95xh.Brent\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/08 15:02:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\psub95xh.Brent\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/07/05 08:55:33 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Brent Faulkner\Application Data\Mozilla\Firefox\Profiles\psub95xh.Brent\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/08 13:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\[email protected]
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/01/21 13:57:46 | 000,619,896 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16418 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ahm.com ([sgpacs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: centricity.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: cherryredcasino.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cherryredcasino.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gogoinflight.com ([airborne] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intranet ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: suburbanhospital.org ([vpn] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1B635021-8269-11D8-9E2B-004005A9ABD2} http://172.25.7.21/esaweb/TX.cab (TX - Text Control)
O16 - DPF: {1F547826-D910-4105-BE3A-2FA9C85F3A3C} http://172.25.7.21/e...mGearViewer.CAB (SoftmedImGear.ImGearViewer)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://vpn.suburban...COL /relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {36600F07-8977-445A-96DF-A37BCF51FAFB} https://sgpacs.ahm.c...nload/Setup.cab (Reg Error: Key error.)
O16 - DPF: {501D93F5-74BE-4306-A90C-9FFD1574A6A6} http://shpacs.suburb...l/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa08)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.suburban...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {80DC1772-21EF-11D4-B9DE-0008C7CB5F59} https://esaweb.ahm.c...aweb/WebRTF.CAB (WebRTFProj.WebRTF)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8E49176D-5B2E-4391-AA56-212161D660DE} https://easyaccess.t...avaSettings.exe (Reg Error: Key error.)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://vpn.suburban...COL /cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://easyaccess.t...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://easyaccess.t...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} https://netaccess.ah...TM/webPrint.cab (Ter Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: SapphireSetupChecker.cab https://sgpacs.ahm.c...etupChecker.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/20 10:32:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0a5ea3e0-294c-11e0-b61e-8f5632c949e3}\Shell\AutoRun\command - "" = E:\GuardianEdgeRemovableStorageAccess.exe
O33 - MountPoints2\{27836680-20e0-11e0-b60f-000d88bbb129}\Shell\AutoRun\command - "" = F:\GuardianEdgeRemovableStorageAccess.exe
O33 - MountPoints2\{7991ea40-4f0a-11e0-b65a-831ad2596ef9}\Shell\AutoRun\command - "" = E:\GuardianEdgeRemovableStorageAccess.exe
O33 - MountPoints2\{d7f4cbd0-3cfa-11e0-b641-cc689ea55fa4}\Shell\AutoRun\command - "" = E:\GuardianEdgeRemovableStorageAccess.exe
O33 - MountPoints2\{d7f4cbec-3cfa-11e0-b641-cc689ea55fa4}\Shell\AutoRun\command - "" = E:\GuardianEdgeRemovableStorageAccess.exe
O33 - MountPoints2\{e8b86c29-3af8-11e0-b63c-f73998eff4e4}\Shell\AutoRun\command - "" = E:\GuardianEdgeRemovableStorageAccess.exe
O33 - MountPoints2\{f237f0b6-2ada-11e0-b622-87c3378012e9}\Shell\AutoRun\command - "" = E:\GuardianEdgeRemovableStorageAccess.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/08 14:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brent Faulkner\Application Data\Uniblue
[2011/08/08 14:49:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/08/08 14:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/08/08 14:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2011/08/08 14:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\PackageAware
[2011/08/08 13:33:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/14 11:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/14 11:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/14 11:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 15:35:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\prvlcl.dat
[2011/08/08 15:16:59 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/08/08 15:14:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/08 14:50:04 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Brent Faulkner\Desktop\Uniblue RegistryBooster.lnk
[2011/08/08 14:50:04 | 000,001,477 | ---- | M] () -- C:\Documents and Settings\Brent Faulkner\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/08/08 13:35:05 | 000,017,210 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2302hp643bdbjqo47fk8uw6jr268580eg87tl4
[2011/08/08 13:35:04 | 000,017,210 | -HS- | M] () -- C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\2302hp643bdbjqo47fk8uw6jr268580eg87tl4
[2011/08/08 13:33:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 12:33:33 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/08/01 12:29:45 | 082,910,179 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/08/01 12:18:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/08/01 08:58:11 | 000,174,996 | ---- | M] () -- C:\Documents and Settings\Brent Faulkner\Desktop\DVTCaprini-Risk-Assessment.pdf
[2011/07/28 10:39:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/26 16:31:56 | 000,001,716 | -H-- | M] () -- C:\Documents and Settings\Brent Faulkner\My Documents\Default.rdp
[2011/07/25 15:19:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/14 11:20:03 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/14 07:44:41 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 16:33:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 12:44:25 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/08 14:51:26 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/08/08 14:50:04 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Brent Faulkner\Desktop\Uniblue RegistryBooster.lnk
[2011/08/08 14:50:04 | 000,001,477 | ---- | C] () -- C:\Documents and Settings\Brent Faulkner\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/08/01 12:11:57 | 000,017,210 | -HS- | C] () -- C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\2302hp643bdbjqo47fk8uw6jr268580eg87tl4
[2011/08/01 12:11:57 | 000,017,210 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2302hp643bdbjqo47fk8uw6jr268580eg87tl4
[2011/07/28 13:28:08 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/07/25 20:15:35 | 000,174,996 | ---- | C] () -- C:\Documents and Settings\Brent Faulkner\Desktop\DVTCaprini-Risk-Assessment.pdf
[2011/07/14 11:20:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/08 12:49:40 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/02/08 12:49:40 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2011/02/08 12:49:39 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2010/11/24 17:25:56 | 001,046,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/17 18:02:17 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/03/17 17:36:52 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/03/04 12:40:48 | 000,110,029 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/03/04 12:40:48 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/02/03 11:04:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 08:53:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\prvlcl.dat
[2010/01/18 20:23:29 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/09/30 10:10:11 | 000,000,059 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2009/02/23 09:36:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/01/21 09:13:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/03 18:04:10 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/01/03 18:03:28 | 000,000,685 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/01/03 17:59:46 | 000,068,274 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2009/01/03 17:59:45 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2008/12/30 21:58:18 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 11:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 13:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 13:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 13:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 13:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 12:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/11/11 12:13:22 | 000,104,591 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2008/11/11 12:13:22 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2008/10/21 07:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/20 14:57:23 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\fusioncache.dat
[2008/10/20 12:59:50 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/10/20 12:55:16 | 000,108,690 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2008/10/20 12:37:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/10/20 11:24:15 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2008/10/20 11:24:15 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/10/20 10:59:03 | 000,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/10/20 10:59:03 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/10/20 10:46:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/20 10:35:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/20 10:28:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/20 06:17:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/20 06:16:05 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 13:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 13:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 13:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 12:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 12:52:00 | 000,445,018 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 12:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 12:51:54 | 000,072,728 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 12:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 12:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 12:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 12:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 12:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/10/26 08:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/18 18:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/05/18 13:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4A1190C4
[2009/09/30 09:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011/08/08 13:33:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/20 11:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/05/31 15:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/10/20 11:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/03/17 13:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TDK
[2011/08/08 14:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/08 14:49:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/07/02 14:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/13 11:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/26 10:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/05 11:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\GARMIN
[2008/10/20 11:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\HotSync
[2008/10/23 12:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\ICAClient
[2010/03/06 13:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\Juniper Networks
[2008/10/20 12:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\Leadertech
[2011/07/06 16:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\Lite
[2008/12/24 19:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\softmed
[2010/01/21 15:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\Thunderbird
[2011/08/08 14:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\Uniblue
[2011/08/08 15:16:59 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
#2
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/08 13:35:05 | 000,017,210 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2302hp643bdbjqo47fk8uw6jr268580eg87tl4
    [2011/08/08 13:35:04 | 000,017,210 | -HS- | M] () -- C:\Documents and Settings\Brent Faulkner\Local Settings\Application Data\2302hp643bdbjqo47fk8uw6jr268580eg87tl4
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I would like to see in your reply:
  • OTL log
  • MBAM log

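A small OTL-log triage helper, added here as an illustration and not part of ali.B's instructions or of OTL itself: it parses file lines in the format shown in this thread's log, flags hidden+system files with long random names under Application Data (the kind the :OTL fix above moves) and reports alternate data streams like the ones listed on the TEMP folder. The sample lines are constructed from entries in this thread; the heuristics are this example's own assumptions, not OTL's rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, copied from entries visible in this thread (not the full log).
SAMPLE_LOG = "\n".join([
    r"[2011/08/08 13:35:05 | 000,017,210 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2302hp643bdbjqo47fk8uw6jr268580eg87tl4",
    r"[2008/10/20 10:59:03 | 000,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll",
    r"[2008/10/20 10:35:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat",
    r"[2011/08/08 14:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brent Faulkner\Application Data\Uniblue",
    r"@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2",
])

@dataclass
class OtlEntry:
    when: str
    size: int
    attrs: str   # four flag positions as OTL prints them: R H S D
    path: str

# "[date time | size | attrs | C/M] () -- path"; directory lines omit the "()" part.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| [CM]\] "
    r"(?:\(\) )?-- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
RANDOM_NAME = re.compile(r"^[a-z0-9]{20,}$")   # long lowercase/digit name, no extension (assumed heuristic)

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m.group(1), int(m.group(2).replace(",", "")), m.group(3), m.group(4))

def why_suspicious(entry: OtlEntry) -> Optional[str]:
    hidden, system, is_dir = entry.attrs[1] == "H", entry.attrs[2] == "S", entry.attrs[3] == "D"
    name = entry.path.rsplit("\\", 1)[-1]
    if not is_dir and hidden and system and "Application Data" in entry.path and RANDOM_NAME.match(name):
        return "hidden+system file with random name under Application Data"
    return None

def scan_otl(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) for every line worth a human look."""
    findings = []
    for line in text.splitlines():
        ads = ADS_RE.match(line.strip())
        if ads:
            findings.append((f"{ads.group(2)}:{ads.group(3)}", f"alternate data stream of {ads.group(1)} bytes"))
            continue
        entry = parse_otl_line(line)
        reason = why_suspicious(entry) if entry else None
        if reason:
            findings.append((entry.path, reason))
    return findings
```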

#3
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.