
Browser loading on its own.


This topic is locked

#1
lostraider88
New Member, 8 posts
Having trouble with browser taking off on its own. Firefox will open with these four tabs:

http://www.xn--&-8ga.com/
file:///C:/Program%20Files/Mozilla%20Firefox/
file:///C:/Program%20Files/Mozilla%20Firefox/T%E2%80%98%C3%91%C3%A5%C2%AD%C2%A6%C5%92M%E2%80%98%1A%C2%BD%C5%B8y%C2%A7d%C3%B9%11vU%C2%B0%C2%BEd%C2%B3%C3%A7%C3%94%0EA%C2%AE%C2%A0.%C3%82%C2%BB%C2%A1%C2%AE%11%C3%84%C3%ABF+5%C3%B8%C3%88%E2%80%94%C3%B7%C3%84%08%C3%BD%C3%87%13siB%C3%BD%E2%80%A1%E2%84%A2p%C2%B0%E2%84%A2%C3%BB%C3%BE:%C2%AF%C3%A3%04%5B%C3%94:%C5%BE%20%C3%A1%E2%80%A0H%0B%C2%BDA%E2%82%AC:%C3%A0%C2%9D%C3%84%C2%AA%C3%8A%C5%A0SH%C2%AB%C3%A7%E2%80%98%17%C2%A9%C2%A5:%112%C3%9C%C2%BB%60%0E$%C3%A7%C3%A3%C3%BD%%19xmG%15%C3%B2%C3%B0%C3%99%C2%8F%1F%C3%83b%C3%9Cc%C2%AE%E2%84%A2%C3%9Bj%1FV%C3%91*%C3%87~%E2%84%A2%C3%985S.%04f%C3%8B%C3%86%C3%8C%C3%8B%C3%A0%C2%A8%C3%A55I*D%C3%968%02%C3%8Ad%C3%8DC%E2%80%A0%C3%B7%C3%A8%E2%80%A0%E2%80%BAG%C5%92!%1C%C3%8A:%C2%A5k%C2%B7%C3%B5%5DADj%E2%80%A2%C3%B5S%C3%90l%C3%B9%05%1B%0Cn~%C2%A2%C3%B9%C2%A5%C3%9Fv%C2%8D%C2%AF2Y%C3%B4%C5%BE%C2%BF%C3%A2%E2%80%B9J?^%E2%80%99d%C2%9DTFl%C3%A4zg%C2%B5%C3%B2%7F%C3%91u%C5%BDn%E2%80%98%C2%B3%C3%B4p+%C3%A3f%C2%B5%C2%A9%E2%80%A6%C3%A6l%C3%918%03%C2%AA%C3%AC
http://www.xn--pda.com/

Here is the OTL:
OTL logfile created on: 8/18/2011 10:04:58 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Charles New\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.71% Memory free
3.81 Gb Paging File | 2.25 Gb Available in Paging File | 59.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 70.35 Gb Free Space | 47.21% Space Free | Partition Type: NTFS

Computer Name: JCNRHIZOGEN | User Name: Charles New | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/18 10:01:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles New\My Documents\Downloads\OTL.exe
PRC - [2011/08/12 00:57:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/09 07:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 07:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/14 11:23:18 | 000,228,352 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
PRC - [2010/10/29 15:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/09/27 11:09:54 | 000,325,336 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PC Matic\PCMatic.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/22 18:49:42 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/22 18:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R211990\stacsv.exe
PRC - [2009/02/22 18:49:28 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/02 20:12:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/02/02 20:11:42 | 000,208,896 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/02/02 20:11:40 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/02 20:11:40 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spider.exe
PRC - [2008/01/31 15:03:40 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/12 00:57:30 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/28 11:49:17 | 004,379,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\vcore.dll
MOD - [2011/06/12 18:40:39 | 000,316,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\remediation.dll
MOD - [2011/05/03 12:24:19 | 000,292,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libEmail.dll
MOD - [2011/03/20 18:40:32 | 000,394,576 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libVvs.dll
MOD - [2011/03/20 18:40:32 | 000,263,504 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libZip.dll
MOD - [2011/03/20 18:40:31 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libtd.dll
MOD - [2011/03/20 18:40:30 | 000,300,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libRar.dll
MOD - [2011/03/20 18:40:30 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libRTF.dll
MOD - [2011/03/20 18:40:29 | 000,349,520 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libOleA.dll
MOD - [2011/03/20 18:40:28 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libNSIS.dll
MOD - [2011/03/20 18:40:28 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMsi.dll
MOD - [2011/03/20 18:40:27 | 000,443,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMsCab.dll
MOD - [2011/03/20 18:40:26 | 000,193,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMachoUniv.dll
MOD - [2011/03/20 18:40:25 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libBase64.dll
MOD - [2011/03/20 18:40:24 | 000,202,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\lib7zip.dll
MOD - [2011/03/20 18:40:23 | 000,963,920 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\lgpl.dll
MOD - [2010/10/28 11:14:32 | 000,344,216 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\DiskMD3Ctrl.dll
MOD - [2010/09/17 09:34:58 | 000,459,480 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PCPitStop.dll
MOD - [2010/09/17 09:34:38 | 000,266,240 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PCPitstopAntiVirus2.dll
MOD - [2010/08/16 15:37:04 | 000,407,224 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
MOD - [2010/08/12 03:06:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
MOD - [2010/08/12 03:06:24 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2010/08/12 03:06:15 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2010/07/09 13:52:32 | 001,310,032 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\sbte.dll
MOD - [2010/07/09 13:52:24 | 000,415,056 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\SpursDownload.dll
MOD - [2010/03/23 04:21:40 | 000,300,368 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\vipre.dll
MOD - [2010/03/23 04:21:40 | 000,300,368 | ---- | M] () -- C:\Program Files\PCPitstop\PC MaticRT\vipre.dll
MOD - [2009/11/16 14:53:56 | 003,081,400 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PCPitstop3D.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/12/11 20:38:02 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/12/11 20:37:28 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/10/26 05:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/07/23 15:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2006/10/27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/09 07:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/12/14 11:23:18 | 000,228,352 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe -- (PCPitstop Realtime)
SRV - [2010/09/27 11:09:52 | 000,090,864 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/02/22 18:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R211990\stacsv.exe -- (STacSV)
SRV - [2009/01/21 14:10:44 | 000,072,224 | ---- | M] (O2Micro International) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 21:11:14 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110817.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 21:11:14 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110817.038\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/02 01:07:58 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110816.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/27 18:01:08 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 18:01:08 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 19:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/14 07:56:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/14 15:04:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 15:04:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/28 17:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/22 18:49:38 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/22 18:49:26 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/02 20:11:38 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/21 14:10:48 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/01/21 14:10:46 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2008/12/11 20:37:58 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/20 22:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 12:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 14:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV - [2008/08/20 14:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV - [2008/04/14 07:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========

And here is the aswMBR log:
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-18 10:21:01
-----------------------------
10:21:01.703 OS Version: Windows 5.1.2600 Service Pack 3
10:21:01.703 Number of processors: 2 586 0x170A
10:21:01.703 ComputerName: JCNRHIZOGEN UserName: Charles New
10:21:04.015 Initialize success
10:21:44.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
10:21:44.734 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
10:21:44.750 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#4&364d73ee&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
10:21:44.750 Device \Driver\iaStor -> DriverStartIo 8a5d8aea
10:21:44.796 Disk 0 MBR read successfully
10:21:44.796 Disk 0 MBR scan
10:21:44.796 Disk 0 Windows VISTA default MBR code
10:21:44.796 Disk 0 scanning sectors +312579760
10:21:44.890 Disk 0 scanning C:\WINDOWS\system32\drivers
10:21:51.515 File: C:\WINDOWS\system32\drivers\iaStor.sys TDL3 **ROOTKIT**
10:21:59.593 Service scanning
10:22:00.703 Modules scanning
10:22:13.796 Disk 0 trace - called modules:
10:22:13.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a5d8ec5]<<
10:22:13.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a675438]
10:22:13.875 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> [0x89c25498]
10:22:13.875 [0x89c1b978] -> IRP_MJ_CREATE -> 0x8a5d8ec5
10:22:13.875 Scan finished successfully
10:36:14.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Charles New\Desktop\MBR.dat"
10:36:14.625 The log file has been saved successfully to "C:\Documents and Settings\Charles New\Desktop\aswMBR.txt"

Please help.


#2
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
Hi there, most of the OTL log is missing; on completion of this run could you repost the entire log :)

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#3
lostraider88 (Topic Starter)
New Member, 8 posts
Thanks for the reply. Sorry, I thought I got it all, but I see that I did miss a lot. I'll try again.

OTL logfile created on: 8/18/2011 10:04:58 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Charles New\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.71% Memory free
3.81 Gb Paging File | 2.25 Gb Available in Paging File | 59.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 70.35 Gb Free Space | 47.21% Space Free | Partition Type: NTFS

Computer Name: JCNRHIZOGEN | User Name: Charles New | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/18 10:01:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles New\My Documents\Downloads\OTL.exe
PRC - [2011/08/12 00:57:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/09 07:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 07:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/14 11:23:18 | 000,228,352 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
PRC - [2010/10/29 15:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/09/27 11:09:54 | 000,325,336 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PC Matic\PCMatic.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/22 18:49:42 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/22 18:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R211990\stacsv.exe
PRC - [2009/02/22 18:49:28 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/02 20:12:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/02/02 20:11:42 | 000,208,896 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/02/02 20:11:40 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/02 20:11:40 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spider.exe
PRC - [2008/01/31 15:03:40 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/12 00:57:30 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/28 11:49:17 | 004,379,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\vcore.dll
MOD - [2011/06/12 18:40:39 | 000,316,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\remediation.dll
MOD - [2011/05/03 12:24:19 | 000,292,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libEmail.dll
MOD - [2011/03/20 18:40:32 | 000,394,576 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libVvs.dll
MOD - [2011/03/20 18:40:32 | 000,263,504 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libZip.dll
MOD - [2011/03/20 18:40:31 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libtd.dll
MOD - [2011/03/20 18:40:30 | 000,300,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libRar.dll
MOD - [2011/03/20 18:40:30 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libRTF.dll
MOD - [2011/03/20 18:40:29 | 000,349,520 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libOleA.dll
MOD - [2011/03/20 18:40:28 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libNSIS.dll
MOD - [2011/03/20 18:40:28 | 000,185,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMsi.dll
MOD - [2011/03/20 18:40:27 | 000,443,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMsCab.dll
MOD - [2011/03/20 18:40:26 | 000,193,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMachoUniv.dll
MOD - [2011/03/20 18:40:25 | 000,210,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libBase64.dll
MOD - [2011/03/20 18:40:24 | 000,202,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\lib7zip.dll
MOD - [2011/03/20 18:40:23 | 000,963,920 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\lgpl.dll
MOD - [2010/10/28 11:14:32 | 000,344,216 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\DiskMD3Ctrl.dll
MOD - [2010/09/17 09:34:58 | 000,459,480 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PCPitStop.dll
MOD - [2010/09/17 09:34:38 | 000,266,240 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PCPitstopAntiVirus2.dll
MOD - [2010/08/16 15:37:04 | 000,407,224 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
MOD - [2010/08/12 03:06:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
MOD - [2010/08/12 03:06:24 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2010/08/12 03:06:15 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2010/07/09 13:52:32 | 001,310,032 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\sbte.dll
MOD - [2010/07/09 13:52:24 | 000,415,056 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\SpursDownload.dll
MOD - [2010/03/23 04:21:40 | 000,300,368 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\vipre.dll
MOD - [2010/03/23 04:21:40 | 000,300,368 | ---- | M] () -- C:\Program Files\PCPitstop\PC MaticRT\vipre.dll
MOD - [2009/11/16 14:53:56 | 003,081,400 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PCPitstop3D.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/12/11 20:38:02 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/12/11 20:37:28 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/10/26 05:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/07/23 15:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2006/10/27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/09 07:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/12/14 11:23:18 | 000,228,352 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe -- (PCPitstop Realtime)
SRV - [2010/09/27 11:09:52 | 000,090,864 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/02/22 18:49:34 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R211990\stacsv.exe -- (STacSV)
SRV - [2009/01/21 14:10:44 | 000,072,224 | ---- | M] (O2Micro International) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 21:11:14 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110817.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 21:11:14 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110817.038\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/02 01:07:58 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110816.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/27 18:01:08 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 18:01:08 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 19:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/14 07:56:32 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/14 15:04:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 15:04:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/28 17:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/22 18:49:38 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/22 18:49:26 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/02 20:11:38 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/21 14:10:48 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/01/21 14:10:46 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2008/12/11 20:37:58 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/20 22:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 12:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 14:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV - [2008/08/20 14:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV - [2008/04/14 07:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage


IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1007\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-1119492408-994160716-3076737224-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/07/30 11:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/25 07:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/08/17 18:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 09:17:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 16:11:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/07/30 11:21:27 | 000,000,000 | ---D | M]

[2011/05/03 08:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Extensions
[2011/05/03 08:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Extensions\[email protected]
[2011/08/16 14:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions
[2010/05/13 09:28:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/12 20:35:46 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/08/17 11:56:36 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/08/16 14:41:37 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions\[email protected]
[2010/11/17 10:35:27 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\searchplugins\bing.xml
[2011/08/18 09:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/12 17:45:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/12 00:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/12 17:45:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [PC MaticRT] C:\Program Files\PCPitstop\PC MaticRT\PCMaticRT.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1119492408-994160716-3076737224-1006..\Run: [SMAV] File not found
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1119492408-994160716-3076737224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1119492408-994160716-3076737224-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.28.186.91 68.28.178.91
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Charles New\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charles New\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{20da1b20-a0d0-11de-9290-00225f8a4bdc}\Shell - "" = AutoRun
O33 - MountPoints2\{20da1b20-a0d0-11de-9290-00225f8a4bdc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20da1b20-a0d0-11de-9290-00225f8a4bdc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{3f7a8572-74bd-11e0-93b6-0014d11d5b14}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{3f7a8573-74bd-11e0-93b6-0014d11d5b14}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{625cae50-5e2b-11df-9302-00225f8a4bdc}\Shell - "" = AutoRun
O33 - MountPoints2\{625cae50-5e2b-11df-9302-00225f8a4bdc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{625cae50-5e2b-11df-9302-00225f8a4bdc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cd6d88bf-e338-11de-92cc-00225f8a4bdc}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe
O33 - MountPoints2\{cd6d88bf-e338-11de-92cc-00225f8a4bdc}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/14 06:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\Application Data\Tific
[2011/08/14 06:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\Local Settings\Application Data\Symantec
[2011/07/28 10:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\Start Menu\Programs\pdfFactory Pro
[2011/07/28 10:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\My Documents\PDF files
[2011/07/28 10:33:04 | 000,385,024 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppmon4.dll
[2011/07/28 10:33:04 | 000,262,656 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppr432.dll
[2011/07/28 10:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\Local Settings\Application Data\Citrix
[2010/10/17 13:42:05 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/18 10:11:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/18 09:19:19 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3FD3A4C-C734-4529-9D87-3AC851657ACC}.job
[2011/08/18 09:17:12 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Charles New\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/18 09:17:11 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/17 16:24:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/17 16:24:12 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 16:22:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/17 16:21:43 | 2106,470,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 13:14:24 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Charles New\My Documents\Default.rdp
[2011/08/16 22:15:00 | 000,312,571 | ---- | M] () -- C:\Documents and Settings\Charles New\Desktop\Distributor Price List August 1, 2011.pdf
[2011/08/13 13:05:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 10:26:38 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Charles New\GoToAssistDownloadHelper.exe
[2011/07/23 22:50:28 | 000,385,024 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppmon4.dll
[2011/07/23 22:47:24 | 000,262,656 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppr432.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/16 17:57:55 | 000,312,571 | ---- | C] () -- C:\Documents and Settings\Charles New\Desktop\Distributor Price List August 1, 2011.pdf
[2011/07/28 10:26:36 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Charles New\GoToAssistDownloadHelper.exe
[2011/05/12 14:09:42 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Charles New\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/15 17:20:22 | 000,469,306 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1119492408-994160716-3076737224-1006-0.dat
[2011/03/15 17:20:21 | 000,166,794 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/12 18:01:07 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2011/03/09 10:57:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/03/09 10:57:54 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/03/09 10:56:50 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/03/09 10:56:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/03/09 10:56:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011/03/09 09:52:34 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you. Once you have run TDSSKiller I will then continue.

#5
lostraider88

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you, I have run TDSSKiller.

2011/08/18 14:23:33.0984 0864 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/18 14:23:35.0984 0864 ================================================================================
2011/08/18 14:23:35.0984 0864 SystemInfo:
2011/08/18 14:23:35.0984 0864
2011/08/18 14:23:35.0984 0864 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/18 14:23:35.0984 0864 Product type: Workstation
2011/08/18 14:23:35.0984 0864 ComputerName: JCNRHIZOGEN
2011/08/18 14:23:35.0984 0864 UserName: Charles New
2011/08/18 14:23:35.0984 0864 Windows directory: C:\WINDOWS
2011/08/18 14:23:35.0984 0864 System windows directory: C:\WINDOWS
2011/08/18 14:23:35.0984 0864 Processor architecture: Intel x86
2011/08/18 14:23:35.0984 0864 Number of processors: 2
2011/08/18 14:23:35.0984 0864 Page size: 0x1000
2011/08/18 14:23:35.0984 0864 Boot type: Normal boot
2011/08/18 14:23:35.0984 0864 ================================================================================
2011/08/18 14:23:36.0437 0864 Initialize success
2011/08/18 14:24:10.0859 4552 ================================================================================
2011/08/18 14:24:10.0859 4552 Scan started
2011/08/18 14:24:10.0859 4552 Mode: Manual;
2011/08/18 14:24:10.0859 4552 ================================================================================
2011/08/18 14:24:14.0921 4552 Suspicious file (Forged): C:\WINDOWS\system32\drivers\iaStor.sys. Real md5: 32a6658281fbaa9eea2f7e4cbf69e702, Fake md5: baabb0301949774a66b955c65319635a
2011/08/18 14:24:14.0937 4552 iaStor - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/18 14:24:20.0843 4552 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/18 14:24:20.0875 4552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/18 14:24:20.0921 4552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/18 14:24:20.0968 4552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/18 14:24:21.0031 4552 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/18 14:24:21.0078 4552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/18 14:24:21.0093 4552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/18 14:24:21.0125 4552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/18 14:24:21.0171 4552 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/18 14:24:21.0203 4552 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/18 14:24:21.0250 4552 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/18 14:24:21.0296 4552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/18 14:24:21.0359 4552 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/18 14:24:21.0421 4552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/18 14:24:21.0515 4552 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/18 14:24:21.0578 4552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/18 14:24:21.0609 4552 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/18 14:24:21.0671 4552 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/08/18 14:24:21.0703 4552 Boot (0x1200) (7ae41592c7cd4965d7703b60f3cf4c87) \Device\Harddisk0\DR0\Partition0
2011/08/18 14:24:21.0703 4552 ================================================================================
2011/08/18 14:24:21.0703 4552 Scan finished
2011/08/18 14:24:21.0703 4552 ================================================================================
2011/08/18 14:24:21.0734 4324 Detected object count: 1
2011/08/18 14:24:21.0734 4324 Actual detected object count: 1
2011/08/18 14:24:38.0750 4324 iaStor (32a6658281fbaa9eea2f7e4cbf69e702) C:\WINDOWS\system32\drivers\iaStor.sys
2011/08/18 14:24:38.0765 4324 Suspicious file (Forged): C:\WINDOWS\system32\drivers\iaStor.sys. Real md5: 32a6658281fbaa9eea2f7e4cbf69e702, Fake md5: baabb0301949774a66b955c65319635a
2011/08/18 14:24:39.0000 4324 Backup copy found, using it..
2011/08/18 14:24:39.0187 4324 C:\WINDOWS\system32\drivers\iaStor.sys - will be cured after reboot
2011/08/18 14:24:39.0187 4324 Rootkit.Win32.TDSS.tdl3(iaStor) - User select action: Cure
2011/08/18 14:25:35.0906 0852 Deinitialize success
#6
Essexboy (GeekU Moderator)

On completion of this run, can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - File not found
    O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - File not found
    [2010/07/12 08:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\23a4628
    [2010/05/04 13:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\99306936
    [2010/11/01 07:54:57 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dkfjasdfshd.bat

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
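As an added example (not part of the thread and not OTL's own code), the checks the helper applied by eye to the entries in the fix above, done mechanically over OTL-style log lines: a per-user proxy forced to a loopback address, a Winlogon Shell value that is not explorer.exe, and Run entries whose target no longer exists. The line formats are assumed from the lines quoted in this thread, and the sample log is constructed from those lines plus two constructed clean lines.

```python
"""Flag browser-hijack indicators in OTL-style log lines.

Added example for this thread; not OTL's code and not part of the original
posts.  The OTL line formats below are assumed from the lines quoted in the
thread.
"""
import ipaddress
import re
from dataclasses import dataclass

# IE proxy settings per registry hive, e.g. HKU\.DEFAULT, HKU\S-1-5-18, HKCU.
PROXY_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<key>ProxyEnable|ProxyServer)" = (?P<val>.+)$',
    re.IGNORECASE,
)
# O20 Winlogon Shell entries: what runs instead of explorer.exe at logon.
SHELL_RE = re.compile(
    r'^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<path>[^)]*)\)(?P<rest>.*)$'
)
# O4 Run entries.
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')

# Constructed sample: the first four lines are taken from the lines quoted in
# this thread; the last two are constructed clean lines for contrast.
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - File not found
O4 - HKCU..\Run: [SMAV] File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\explorer.exe) (Microsoft Corporation)
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # loopback-proxy | winlogon-shell-hijack | orphaned-run-entry
    hive: str    # registry hive the entry lives in
    detail: str


def proxy_targets(value):
    """Split an IE ProxyServer value into (host, port) pairs.

    Accepts both 'host:port' and 'http=host:port;https=host:port' forms."""
    pairs = []
    for part in value.split(';'):
        target = part.split('=', 1)[-1].strip()
        if not target:
            continue
        host, _, port = target.rpartition(':')
        if not host:            # no port given
            host, port = port, ''
        pairs.append((host, port))
    return pairs


def is_loopback(host):
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # a hostname, not an IP literal
        return False


def analyze(log_text):
    """Return hijack indicators found in OTL-style log text: shell and run
    findings in log order, then one proxy finding per affected hive."""
    findings = []
    proxies = {}                # hive -> {'proxyenable': ..., 'proxyserver': ...}
    for line in log_text.splitlines():
        m = PROXY_RE.match(line.rstrip())
        if m:
            proxies.setdefault(m['hive'], {})[m['key'].lower()] = m['val'].strip()
            continue
        m = SHELL_RE.match(line)
        if m:
            path = m['path'].strip()
            exe = path.replace('/', '\\').rsplit('\\', 1)[-1].lower()
            if exe != 'explorer.exe':
                detail = f'Shell = {path}'
                if 'File not found' in m['rest']:
                    # Target already gone, but the value still fires at logon.
                    detail += ' (target missing: orphaned entry)'
                findings.append(Finding('winlogon-shell-hijack', m['hive'], detail))
            continue
        m = RUN_RE.match(line)
        if m and 'File not found' in m['rest']:
            findings.append(Finding('orphaned-run-entry', m['hive'], f'[{m["name"]}]'))
    for hive, vals in proxies.items():
        if vals.get('proxyenable') == '1' and vals.get('proxyserver'):
            for host, port in proxy_targets(vals['proxyserver']):
                if is_loopback(host):
                    # Every HTTP request of that account is routed through a local
                    # process: the proxy-hijack pattern removed by the fix above.
                    findings.append(Finding('loopback-proxy', hive, f'{host}:{port}'))
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print(f'{f.kind:24} {f.hive:16} {f.detail}')
```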
#7
lostraider88 (Topic Starter)

I am responding from another PC.
Ran the fix in OTL. The PC seems to be locked at "CREATERESTOREPOINT". How long should I wait before aborting?
#8
Essexboy (GeekU Moderator)

Close OTL out and reboot please, then let me know what problems remain.
#9
lostraider88 (Topic Starter)

Upon reboot I got this message:

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Charles New\Local Settings\Temporary Internet Files\Content.Word\~WRS{072FD780-783A-48FC-9B7F-E15A51D2ADD0}.tmp not found!
File\Folder C:\Documents and Settings\Charles New\Local Settings\Temporary Internet Files\Content.Word\~WRS{500A623E-EFC9-4B88-949C-E98ECC666578}.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat moved successfully.

Registry entries deleted on Reboot...

Running the OTL Quick Scan again now...
#10
Essexboy (GeekU Moderator)

:)
#11
lostraider88 (Topic Starter)

Here is the OTL logfile.

OTL logfile created on: 8/18/2011 4:05:21 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Charles New\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 56.47% Memory free
3.81 Gb Paging File | 2.91 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 74.55 Gb Free Space | 50.03% Space Free | Partition Type: NTFS

Computer Name: JCNRHIZOGEN | User Name: Charles New | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/07/30 11:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/25 07:58:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/08/18 15:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 09:17:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 16:11:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/07/30 11:21:27 | 000,000,000 | ---D | M]

[2011/05/03 08:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Extensions
[2011/05/03 08:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Extensions\[email protected]
[2011/08/16 14:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions
[2010/05/13 09:28:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/12 20:35:46 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/08/17 11:56:36 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/08/16 14:41:37 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\extensions\[email protected]
[2010/11/17 10:35:27 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Charles New\Application Data\Mozilla\Firefox\Profiles\cjmfk3ax.default\searchplugins\bing.xml
[2011/08/18 09:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/12 17:45:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/12 00:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/12 17:45:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/18 14:54:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [PC MaticRT] C:\Program Files\PCPitstop\PC MaticRT\PCMaticRT.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [SMAV] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.28.186.91 68.28.178.91
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Charles New\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charles New\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{20da1b20-a0d0-11de-9290-00225f8a4bdc}\Shell - "" = AutoRun
O33 - MountPoints2\{20da1b20-a0d0-11de-9290-00225f8a4bdc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20da1b20-a0d0-11de-9290-00225f8a4bdc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{3f7a8572-74bd-11e0-93b6-0014d11d5b14}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{3f7a8573-74bd-11e0-93b6-0014d11d5b14}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{625cae50-5e2b-11df-9302-00225f8a4bdc}\Shell - "" = AutoRun
O33 - MountPoints2\{625cae50-5e2b-11df-9302-00225f8a4bdc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{625cae50-5e2b-11df-9302-00225f8a4bdc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cd6d88bf-e338-11de-92cc-00225f8a4bdc}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe
O33 - MountPoints2\{cd6d88bf-e338-11de-92cc-00225f8a4bdc}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 14:54:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/18 14:22:28 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Charles New\Desktop\TDSSKiller.exe
[2011/08/14 06:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\Application Data\Tific
[2011/08/14 06:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\Local Settings\Application Data\Symantec
[2011/07/28 10:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\Start Menu\Programs\pdfFactory Pro
[2011/07/28 10:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\My Documents\PDF files
[2011/07/28 10:33:04 | 000,385,024 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppmon4.dll
[2011/07/28 10:33:04 | 000,262,656 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppr432.dll
[2011/07/28 10:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles New\Local Settings\Application Data\Citrix
[2010/10/17 13:42:05 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/08/18 15:53:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/18 15:50:58 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/18 15:50:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/18 15:50:01 | 2106,470,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/18 15:41:59 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3FD3A4C-C734-4529-9D87-3AC851657ACC}.job
[2011/08/18 15:11:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/18 14:54:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/18 14:25:37 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/08/18 13:55:17 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Charles New\My Documents\Default.rdp
[2011/08/18 10:36:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Charles New\Desktop\MBR.dat
[2011/08/18 09:17:12 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Charles New\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/18 09:17:11 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/16 22:15:00 | 000,312,571 | ---- | M] () -- C:\Documents and Settings\Charles New\Desktop\Distributor Price List August 1, 2011.pdf
[2011/08/13 13:05:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/11 16:33:00 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Charles New\Desktop\TDSSKiller.exe
[2011/07/28 10:26:38 | 000,103,720 | ---- | M] () -- C:\Documents and Settings\Charles New\GoToAssistDownloadHelper.exe
[2011/07/23 22:50:28 | 000,385,024 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppmon4.dll
[2011/07/23 22:47:24 | 000,262,656 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppr432.dll

========== Files Created - No Company Name ==========

[2011/08/18 14:25:37 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/08/18 10:36:14 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Charles New\Desktop\MBR.dat
[2011/08/16 17:57:55 | 000,312,571 | ---- | C] () -- C:\Documents and Settings\Charles New\Desktop\Distributor Price List August 1, 2011.pdf
[2011/07/28 10:26:36 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Charles New\GoToAssistDownloadHelper.exe
[2011/05/12 14:09:42 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Charles New\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/15 17:20:22 | 000,469,306 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1119492408-994160716-3076737224-1006-0.dat
[2011/03/15 17:20:21 | 000,166,794 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/12 18:01:07 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2011/03/09 10:57:54 | 000,000,800 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/03/09 10:57:54 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/03/09 10:56:50 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/03/09 10:56:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/03/09 10:56:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011/03/09 09:52:34 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/03/09 09:52:33 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7840W.DAT
[2011/03/09 09:52:28 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2011/03/09 09:52:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/03/09 09:52:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/03/09 09:52:23 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/03/09 09:51:28 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011/03/09 09:09:02 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/12/25 19:06:20 | 000,040,412 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/17 13:42:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/09/15 06:59:47 | 001,564,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/26 13:34:04 | 000,000,080 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/08/26 13:34:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2010/07/12 15:21:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/17 11:24:21 | 000,000,014 | ---- | C] () -- C:\WINDOWS\hpmssnpjt.ini
[2010/01/28 18:06:12 | 000,127,408 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2010/01/28 18:06:12 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/09/02 16:36:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/06 18:48:38 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/05/07 18:02:30 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Charles New\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 16:11:27 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2009/05/06 16:08:56 | 000,000,685 | R--- | C] () -- C:\WINDOWS\System32\hppapr08.dat
[2009/05/06 16:08:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/05/06 16:06:08 | 000,001,202 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/05/06 16:00:45 | 000,153,548 | ---- | C] () -- C:\WINDOWS\hppins08.dat
[2009/05/06 16:00:45 | 000,153,507 | ---- | C] () -- C:\WINDOWS\System32\hppins08.dat
[2009/05/06 16:00:45 | 000,001,116 | ---- | C] () -- C:\WINDOWS\hppmdl08.dat
[2009/05/03 14:34:27 | 000,165,809 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
[2009/05/03 14:34:27 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
[2009/05/02 08:13:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/04/24 12:48:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/04/24 12:48:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/24 12:48:01 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/24 12:48:01 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/04/24 12:48:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/04/24 12:47:12 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/24 10:08:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/24 09:58:52 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/24 09:57:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/04/24 09:57:33 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/04/24 09:57:33 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 16:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 11:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 11:16:22 | 000,506,858 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 11:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 11:16:22 | 000,088,046 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 11:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 11:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 11:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 11:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 11:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 11:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 11:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 11:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 04:21:52 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/03/17 07:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/08/18 14:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/10/17 12:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2010/08/24 10:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/03/31 09:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/04/24 10:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/03 08:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/06 16:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zvprt50
[2010/12/24 01:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/31 16:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/12 18:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\AT&T
[2011/03/13 01:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\Audacity
[2010/01/29 09:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\Blackberry Desktop
[2011/03/12 18:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\DBUpdater
[2011/07/18 15:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\GARMIN
[2009/06/26 16:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\GetRightToGo
[2011/03/09 11:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\PC-FAX TX
[2010/12/13 09:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\PCDr
[2010/09/14 07:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\Research In Motion
[2011/03/31 09:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\ScanSoft
[2011/03/12 17:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\Sierra Wireless
[2010/05/20 12:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\Sling Media
[2011/08/14 06:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\Tific
[2011/05/03 08:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\TomTom
[2009/04/24 09:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\Windows Desktop Search
[2009/05/01 16:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charles New\Application Data\Windows Search
[2011/08/18 15:41:59 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3FD3A4C-C734-4529-9D87-3AC851657ACC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Charles New\Desktop\Account For Charles New.grv:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Charles New\My Documents\Super Bowl Briskets and Birds 2010.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Charles New\My Documents\Rhizogen LLC Letterhead Template 5-09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Charles New\My Documents\Rain.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Charles New\My Documents\Copy of Boy Scouts Contact List 2010.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Charles New\My Documents\AB site report (2).doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Charles New\My Documents\1733821.pdf:Roxio EMC Stream

< End of report >

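The OTL report above is raw data; what a helper actually does with it is compare a handful of persistence points (HOSTS entries, Run keys, Winlogon Shell/UserInit, MountPoints2 autorun commands, the exefile/comfile handlers) against known-good values. The script below is an added example, not OTL's own code and not anything posted in this thread: it applies such checks to lines copied from the report. What counts as "suspicious" is the example's own assumption, the expected Winlogon paths are assumed for a 32-bit Windows XP install, and the `0.0.0.0 example.invalid` HOSTS line is constructed to exercise the HOSTS check and does not appear in the report.

```python
"""Triage of OTL log lines for the persistence points shown in the report.

Added example (not OTL's code). The heuristics are this example's assumptions;
SAMPLE_LOG is copied from the thread's report except for the constructed
"0.0.0.0 example.invalid" HOSTS line, which is not in the report.
"""
import re
from typing import Dict, List

# Assumed stock Winlogon targets for 32-bit Windows XP (lower-cased for comparison).
EXPECTED_WINLOGON = {
    "shell": r"c:\windows\explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}
# Only these HOSTS mappings are treated as benign here.
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# The stock Windows open handler for comfile/exefile.
STOCK_HANDLER = '"%1" %*'

# Constructed sample: lines from the OTL report above, plus one constructed O1 line.
SAMPLE_LOG = r'''
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 example.invalid
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [SMAV] File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{20da1b20-a0d0-11de-9290-00225f8a4bdc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{cd6d88bf-e338-11de-92cc-00225f8a4bdc}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")
# "Winlogon: <key> - (<raw value>) - <resolved path> (<company>)"
WINLOGON_RE = re.compile(r"^HKLM Winlogon: (\w+) - \((.*?)\) - (.+?)(?: \([^)]*\))?$")
# Only the ...\Shell\<verb>\command lines carry an executable to run.
AUTORUN_RE = re.compile(r'^MountPoints2\\\{([0-9a-fA-F-]+)\}\\Shell\\(.+?)\\command - "" = (.+)$')
# O35: HKLM\..exefile [open] -- <handler>   O37: HKLM\...exe [@ = exefile] -- <handler>
HANDLER_RE = re.compile(r"^HKLM\\\.{2,3}(\w+) \[([^\]]*)\] -- (.+)$")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per OTL line that trips a heuristic."""
    findings: List[Dict[str, str]] = []

    def flag(section: str, reason: str, entry: str) -> None:
        findings.append({"section": section, "reason": reason, "entry": entry})

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            h = HOSTS_RE.match(body)
            if h and (h.group(1), h.group(2).lower()) not in BENIGN_HOSTS:
                flag(section, "HOSTS entry overriding DNS", body)
        elif section == "O4":
            # An autostart whose target is gone: leftover or a deleted dropper.
            if body.endswith("File not found"):
                flag(section, "autostart whose target is missing", body)
        elif section == "O20":
            w = WINLOGON_RE.match(body)
            if w:
                expected = EXPECTED_WINLOGON.get(w.group(1).lower())
                if expected is not None and w.group(3).lower() != expected:
                    flag(section, f"Winlogon {w.group(1)} is not the stock binary", body)
        elif section == "O33":
            # Per-device autorun verbs: anything here runs on insert/double-click.
            if AUTORUN_RE.match(body):
                flag(section, "removable-media autorun command", body)
        elif section in ("O35", "O37"):
            h = HANDLER_RE.match(body)
            if h and h.group(3).strip() != STOCK_HANDLER:
                flag(section, f"{h.group(1)} open handler is not stock", body)
    return findings


def counts_by_section(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Summarise findings as {section: count}."""
    out: Dict[str, int] = {}
    for f in findings:
        out[f["section"]] = out.get(f["section"], 0) + 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4}  {f['reason']}\n      {f['entry']}")
```

Run against the sample, the script reports the two orphaned Run entries and the two MountPoints2 autorun commands seen in the report (plus the constructed HOSTS line) and stays silent on the stock Winlogon and exefile handlers, which is the same conclusion the helper reached by eye. The checks are deliberately strict string comparisons; on a real system they need the paths adjusted for the Windows version.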
#12
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Has the browser problem ceased ?

If you could run a quick scan with Malwarebytes now please.

#13
lostraider88
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the MBAM log...what next?

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7502

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/18/2011 4:32:09 PM
mbam-log-2011-08-18 (16-32-09).txt

Scan type: Quick scan
Objects scanned: 202495
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14
lostraider88
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for the help. Everything seems to be running fine. I'll brag about Geeks to Go to all my friends. Thanks again.

#15
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Subject to no further problems.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the Cleanup button. It will remove all the programmes we have used plus itself. We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter.
For the first run I would recommend a boot defrag and disk check.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe.