
Smiley Central/ My Web Search


  • This topic is locked

#1
bikeguy08

  • Member
  • 45 posts
Someone in my house downloaded Smiley Central. Tried to remove it (add/remove) but it's still there. I scanned with Malwarebytes and Norton 360, it disappeared for a day but it's back. Recent scans didn't detect anything. Seems to be only showing up in Firefox not IE.
Any help would be appreciated.


#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello bikeguy08 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.

#3
bikeguy08

  • Topic Starter
  • Member
  • 45 posts
OTL Extras logfile created on: 10/24/2011 8:16:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\BILL\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 331.57 Mb Available Physical Memory | 32.40% Memory free
1.28 Gb Paging File | 0.55 Gb Available in Paging File | 42.90% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 2.65 Gb Free Space | 7.12% Space Free | Partition Type: NTFS

Computer Name: S0026081863 | User Name: BILL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"1648:TCP" = 1648:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"5803:TCP" = 5803:TCP:*:Enabled:Services
"5804:TCP" = 5804:TCP:*:Enabled:Services
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"1648:TCP" = 1648:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5803:TCP" = 5803:TCP:*:Enabled:Services
"5804:TCP" = 5804:TCP:*:Enabled:Services
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~2.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~2.0
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Rio\Rio Music Manager\riomm.exe" = C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1109817879\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1109817879\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe" = C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe:*:Enabled:TuneSync -- (Highwind Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(Verizon Online)" = Visual IP InSight(Verizon Online)
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE73C0C-34EA-4888-86DB-EEDB9B69DB94}" = HelpSpot
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA4741F4-5BEC-4E6C-B5A3-6E4C1F2C68E8}" = CASIO USB Driver V1.4.200.0407
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}" = C771 USB Driver V1.0.11.0
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GTW V.92 Voice Modem" = GTW V.92 Voice Modem
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"N360" = Norton 360
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"TuneSync Server" = TuneSync Server 2.0.16
"Verizon Online DSL_is1" = Verizon Online DSL
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2011 10:13:04 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{536FB502-775F-4494-BACE-C02CC90B7A5B}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/23/2011 9:40:53 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/23/2011 9:41:47 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{CEF209AB-F96D-404F-B5CC-44057C057CA3}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/23/2011 9:42:59 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{AD0DE453-0804-4495-9C91-33D0F9AA5463}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/23/2011 9:44:11 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{536FB502-775F-4494-BACE-C02CC90B7A5B}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/24/2011 7:28:45 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/24/2011 7:29:21 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{CEF209AB-F96D-404F-B5CC-44057C057CA3}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/24/2011 7:29:58 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{AD0DE453-0804-4495-9C91-33D0F9AA5463}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/24/2011 7:30:34 AM | Computer Name = S0026081863 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Home and Student 2007 - Update '{536FB502-775F-4494-BACE-C02CC90B7A5B}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 10/24/2011 1:56:32 PM | Computer Name = S0026081863 | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ OSession Events ]
Error - 8/28/2009 3:28:00 PM | Computer Name = S0026081863 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/12/2009 8:49:45 AM | Computer Name = S0026081863 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 54
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/8/2011 9:34:31 AM | Computer Name = S0026081863 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 233
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/23/2011 9:43:05 AM | Computer Name = S0026081863 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office 2007 System (KB2509488).

Error - 10/23/2011 9:44:16 AM | Computer Name = S0026081863 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB2345043).

Error - 10/23/2011 9:49:48 AM | Computer Name = S0026081863 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 10/23/2011 6:54:31 PM | Computer Name = S0026081863 | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.36,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 10/24/2011 7:28:52 AM | Computer Name = S0026081863 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office PowerPoint Viewer 2007
(KB2464623).

Error - 10/24/2011 7:29:27 AM | Computer Name = S0026081863 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB2466156).

Error - 10/24/2011 7:30:03 AM | Computer Name = S0026081863 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office 2007 System (KB2509488).

Error - 10/24/2011 7:30:39 AM | Computer Name = S0026081863 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB2345043).

Error - 10/24/2011 7:32:19 AM | Computer Name = S0026081863 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 10/24/2011 5:02:52 PM | Computer Name = S0026081863 | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.36,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.


< End of report >

#4
bikeguy08

OTL logfile created on: 10/24/2011 8:16:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\BILL\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 331.57 Mb Available Physical Memory | 32.40% Memory free
1.28 Gb Paging File | 0.55 Gb Available in Paging File | 42.90% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 2.65 Gb Free Space | 7.12% Space Free | Partition Type: NTFS

Computer Name: S0026081863 | User Name: BILL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 20:15:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BILL\My Documents\Downloads\OTL.scr
PRC - [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/23 23:08:36 | 000,270,160 | ---- | M] (Highwind Software) -- C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2002/03/18 09:34:42 | 000,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
PRC - [2002/03/18 09:34:42 | 000,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\ipmon32.exe
PRC - [2001/11/27 09:55:50 | 000,101,615 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/17 18:02:16 | 003,552,856 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll
MOD - [2011/10/03 16:19:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/23 18:11:10 | 006,277,280 | ---- | M] () -- C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PictureTaker)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/17 18:02:16 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - [2011/10/14 19:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111014.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/23 00:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111021.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/07 13:08:43 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111023.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/07 13:08:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111023.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 18:58:34 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 18:58:34 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/06 16:04:37 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/26 23:40:40 | 000,057,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\C771BUS.sys -- (C771BUS)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/11/27 09:55:50 | 001,143,360 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2001/08/17 15:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.spincycl...s/sso/login.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "mail.spincycleservices.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.31.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/09/29 07:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_2_3 [2011/10/24 17:01:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 16:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/12 15:04:45 | 000,000,000 | ---D | M]

[2011/05/11 06:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Extensions
[2011/07/29 17:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions
[2011/05/11 06:50:38 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\[email protected]
[2010/03/24 16:57:36 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\bing.xml
[2011/10/14 19:10:12 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml
[2011/08/18 14:36:47 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml
[2011/08/31 09:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/29 13:46:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 17:01:38 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN_2011_7_2_3
[2011/09/29 07:43:04 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
[2011/05/11 14:36:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 16:19:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/06/16 09:19:59 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2011/07/29 13:49:48 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/03 16:19:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/07/29 09:56:46 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe ()
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TuneSync] C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe (Highwind Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...83/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1205768523015 (MUWebControl Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.a...,20/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54254FD0-E060-4E67-9C60-B3657573DFBE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BILL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/01 23:02:02 | 000,000,002 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/18 20:15:18 | 004,300,044 | ---- | M] () - C:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2002/05/02 14:44:42 | 000,000,105 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell - "" = AutoRun
O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell\AutoRun\command - "" = C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell\AutoRun\command - "" = C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 17:12:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BILL\Recent
[2 C:\Documents and Settings\BILL\Desktop\*.tmp files -> C:\Documents and Settings\BILL\Desktop\*.tmp -> ]
[19 C:\Documents and Settings\BILL\My Documents\*.tmp files -> C:\Documents and Settings\BILL\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\BILL\*.tmp files -> C:\Documents and Settings\BILL\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/24 17:12:15 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/10/24 17:00:46 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/10/24 17:00:36 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 15:30:04 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/10/20 19:07:25 | 000,104,892 | ---- | M] () -- C:\Documents and Settings\BILL\My Documents\CJ.JPG
[2011/10/17 18:04:54 | 000,066,228 | -H-- | M] () -- C:\WINNT\System32\mlfcache.dat
[2011/10/14 16:59:36 | 000,308,400 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2011/10/14 07:10:12 | 000,437,864 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/10/14 07:10:12 | 000,068,090 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011/10/10 12:42:54 | 000,012,902 | ---- | M] () -- C:\Documents and Settings\BILL\Desktop\41MAYAF2H8L._SL500_AA300_.jpg
[2011/09/27 16:45:32 | 000,000,280 | ---- | M] () -- C:\{15E40580-1101-457F-83B3-C14E9219901C}
[2011/09/26 16:00:49 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2 C:\Documents and Settings\BILL\Desktop\*.tmp files -> C:\Documents and Settings\BILL\Desktop\*.tmp -> ]
[19 C:\Documents and Settings\BILL\My Documents\*.tmp files -> C:\Documents and Settings\BILL\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\BILL\*.tmp files -> C:\Documents and Settings\BILL\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/20 19:07:25 | 000,104,892 | ---- | C] () -- C:\Documents and Settings\BILL\My Documents\CJ.JPG
[2011/10/10 12:42:50 | 000,012,902 | ---- | C] () -- C:\Documents and Settings\BILL\Desktop\41MAYAF2H8L._SL500_AA300_.jpg
[2011/09/27 16:45:32 | 000,000,280 | ---- | C] () -- C:\{15E40580-1101-457F-83B3-C14E9219901C}
[2011/09/26 16:00:49 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2011/09/10 11:02:21 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2011/08/05 14:34:48 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2011/07/23 11:24:17 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2010/06/13 13:48:38 | 001,103,360 | ---- | C] () -- C:\WINNT\System32\cidfont.dll
[2010/06/13 13:48:36 | 004,369,408 | ---- | C] () -- C:\WINNT\System32\pdftk.exe
[2010/06/13 13:48:36 | 000,235,008 | ---- | C] () -- C:\WINNT\System32\office.exe
[2010/06/03 15:15:32 | 000,021,124 | ---- | C] () -- C:\WINNT\hpomdl07.dat.temp
[2010/03/18 20:31:41 | 000,000,048 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
[2010/02/11 07:06:29 | 000,000,183 | ---- | C] () -- C:\WINNT\System32\MRT.INI
[2010/01/29 18:56:42 | 000,066,228 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2009/12/20 16:26:32 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\MSVolumeAMP.dll
[2009/12/07 21:00:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgpdf2.dll
[2009/09/29 12:54:57 | 000,000,227 | ---- | C] () -- C:\WINNT\HP_CounterReport_Update_HPSU.ini
[2008/12/07 19:50:20 | 000,113,168 | ---- | C] () -- C:\WINNT\hpoins07.dat
[2008/12/07 19:50:20 | 000,021,124 | ---- | C] () -- C:\WINNT\hpomdl07.dat
[2008/12/07 12:44:03 | 000,000,214 | ---- | C] () -- C:\WINNT\HP_48BitScanUpdatePatch.ini
[2008/12/04 21:36:24 | 000,000,221 | ---- | C] () -- C:\WINNT\HP_RedboxHprblog_HPSU.ini
[2008/11/25 12:07:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BILL\Application Data\AVSMediaPlayer.m3u
[2008/11/25 12:03:47 | 000,524,288 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2008/11/25 12:03:47 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2008/06/02 14:40:50 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\BILL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/06 08:31:43 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2008/03/11 12:55:13 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/13 09:55:26 | 000,000,071 | ---- | C] () -- C:\WINNT\C64.ini
[2007/08/13 09:53:16 | 000,000,182 | ---- | C] () -- C:\WINNT\System32\EBPPORT4.DAT
[2007/05/14 08:17:34 | 000,126,976 | ---- | C] () -- C:\WINNT\System32\unzdll.dll
[2007/03/29 13:37:15 | 000,091,648 | ---- | C] () -- C:\WINNT\gzip.exe
[2007/03/09 10:04:25 | 000,000,010 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/10/27 19:07:57 | 000,000,848 | ---- | C] () -- C:\WINNT\Hbcwty01.ini
[2005/10/27 19:03:48 | 000,000,015 | ---- | C] () -- C:\WINNT\wgedit.ini
[2005/03/02 22:49:48 | 000,000,715 | ---- | C] () -- C:\WINNT\aolback.exe.lnk
[2005/01/12 20:53:41 | 000,000,988 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2004/12/28 10:30:46 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/08 19:15:03 | 000,000,171 | ---- | C] () -- C:\WINNT\WININIT.INI
[2004/09/08 19:14:59 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2004/06/04 20:44:56 | 000,000,145 | ---- | C] () -- C:\WINNT\System32\EBPPORT3.DAT
[2003/08/26 17:13:44 | 000,000,026 | ---- | C] () -- C:\WINNT\UP9ASP.INI
[2003/08/15 13:38:21 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/05/19 18:33:00 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2003/03/01 20:59:06 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\wh2robo.dll
[2003/03/01 20:59:06 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\regobj.dll
[2002/11/30 09:17:46 | 000,000,218 | ---- | C] () -- C:\WINNT\disney.ini
[2002/11/05 18:49:39 | 000,000,145 | ---- | C] () -- C:\WINNT\SYMGAMES.INI
[2002/10/27 13:52:08 | 000,000,532 | ---- | C] () -- C:\WINNT\eReg.dat
[2002/05/25 08:58:31 | 000,000,010 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2002/05/25 08:58:27 | 000,000,042 | ---- | C] () -- C:\WINNT\ka.INI
[2002/05/10 16:54:14 | 000,000,950 | ---- | C] () -- C:\WINNT\hegames.ini
[2002/02/23 21:33:18 | 000,045,568 | ---- | C] () -- C:\WINNT\UniFish3.exe
[2002/02/10 13:37:58 | 000,000,903 | ---- | C] () -- C:\WINNT\PowerReg.dat
[2002/02/10 13:36:40 | 000,000,023 | ---- | C] () -- C:\WINNT\EPSC80.ini
[2002/02/01 23:02:39 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/02/01 22:45:04 | 000,000,699 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/01/11 15:15:24 | 000,109,056 | ---- | C] () -- C:\WINNT\UNWISE32.EXE
[2002/01/11 15:15:24 | 000,082,864 | ---- | C] () -- C:\WINNT\UNWISE.EXE
[2002/01/11 15:15:24 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise32.ini
[2002/01/11 15:15:24 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise.ini
[2002/01/11 15:15:23 | 000,377,600 | ---- | C] () -- C:\WINNT\System32\BOCOLE.DLL
[2002/01/11 15:15:23 | 000,167,456 | ---- | C] () -- C:\WINNT\System32\Bocof.dll
[2002/01/11 15:14:57 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/01/11 15:12:44 | 000,040,960 | ---- | C] () -- C:\WINNT\uneng.exe
[2002/01/11 14:11:36 | 000,040,960 | ---- | C] () -- C:\WINNT\GWMDMpi.exe
[2001/10/09 15:08:15 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2001/10/09 14:54:47 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2001/10/09 14:47:40 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2001/10/09 14:40:34 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2001/10/09 14:39:46 | 000,308,400 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2000/09/13 22:03:00 | 000,000,145 | ---- | C] () -- C:\WINNT\System32\EBPPORT.DAT
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\vidx16.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,437,864 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,068,090 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== LOP Check ==========

[2011/07/29 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/05/11 06:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2011/05/11 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2011/05/11 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/05/11 06:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2011/05/11 06:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/11 06:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2011/05/11 06:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/11 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/05/11 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/11 06:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Aim
[2011/07/30 19:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Amazon
[2011/07/29 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\BabylonToolbar
[2011/05/11 06:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\com.constantcontact.add.to.constant.contact.93436992F81E3F56888A803A704436FF5667EB0D.1
[2011/05/11 06:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Final Draft
[2011/05/11 06:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\GetRightToGo
[2011/05/11 06:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Image Zone Express
[2011/05/11 06:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\InterTrust
[2011/05/11 06:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\LimeWire
[2011/05/11 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\MSNInstaller
[2011/05/11 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\OverDrive
[2011/05/11 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Smart PDF Converter Pro
[2011/05/11 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Snapfish
[2011/07/23 19:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Tific

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/03/18 20:15:18 | 004,300,044 | ---- | M] () -- C:\Autorun.exe
[2004/06/28 02:05:18 | 027,387,392 | ---- | M] () -- C:\fd70040.exe
[2003/10/01 14:18:32 | 008,072,192 | ---- | M] () -- C:\Final Draft AV 2 Demo.exe
[2008/09/08 10:25:43 | 065,324,566 | ---- | M] () -- C:\Final.Draft.7.exe
[2004/07/09 20:57:16 | 000,049,152 | ---- | M] () -- C:\Final.Draft.7.Keygen.exe
[2003/03/27 15:20:28 | 001,294,296 | ---- | M] (Macromedia, Inc.) -- C:\FinalDraftAV.exe
[2009/06/16 09:16:26 | 000,243,048 | ---- | M] () -- C:\hkinstaller.exe
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2004/04/07 18:07:02 | 027,332,608 | ---- | M] () -- C:\setup.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINNT\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINNT\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINNT\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINNT\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINNT\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINNT\$NtServicePackUninstall$\winlogon.exe
[2001/08/18 14:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINNT\$NtUninstallKB841533$\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINNT\$hf_mig$\KB840987\SP1QFE\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINNT\$hf_mig$\KB841533\SP1QFE\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 1125 bytes -> C:\Documents and Settings\BILL\My Documents\Fwd_Fw_Pleasesendback.eml:OECustomProperty

< End of report >

#5
maliprog

Hi bikeguy08,

Please restart your system after the OTL fix and check to see if Smiley Central is gone. If there are any leftovers, let me know where you find them (Firefox, Internet Explorer, etc.).

Step 1

First of all...

Here at Geeks to Go we have a policy of not offering assistance to those with 'cracked' software. It is quite evident from the OTL log that you have this type of material residing on your computer. It would appear that downloading this type of material is the most likely cause of the infections and problems you are experiencing with your system. Using 'cracked' software is not only inviting a host of different types of virus and malware but is also illegal.

I would recommend that you remove all cracks from your system, because the next time you require assistance you may not get any help.

Step 2

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="
    [2011/10/14 19:10:12 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml
    [2011/08/18 14:36:47 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml
    O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell - "" = AutoRun
    O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell\AutoRun\command - "" = C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
    O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell - "" = AutoRun
    O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell\AutoRun\command - "" = C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
It would be helpful if you could post each log in a separate post.

#6
bikeguy08

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-25 06:40:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400JB-00ENA0 rev.05.03E05
Running: dhjkoluj.exe; Driver: C:\DOCUME~1\BILL\LOCALS~1\Temp\awryafow.sys


---- System - GMER 1.0.15 ----

SSDT 86981DA8 ZwAlertResumeThread
SSDT 86981E88 ZwAlertThread
SSDT 86987F80 ZwAllocateVirtualMemory
SSDT 86988EF0 ZwAssignProcessToJobObject
SSDT 86A23A10 ZwConnectPort
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF59F3710]
SSDT 86981AF8 ZwCreateMutant
SSDT 86988D10 ZwCreateSymbolicLinkObject
SSDT 869BCD40 ZwCreateThread
SSDT 86988FD0 ZwDebugActiveProcess
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF59F3990]
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF59F3EF0]
SSDT IPVNMon.sys (IPVNMon/Visual Networks) ZwDeviceIoControlFile [0xF7256B23]
SSDT 869BCA08 ZwDuplicateObject
SSDT 86987DA0 ZwFreeVirtualMemory
SSDT 86981BE8 ZwImpersonateAnonymousToken
SSDT 86981CC8 ZwImpersonateThread
SSDT 86DA2050 ZwLoadDriver
SSDT 86987CA0 ZwMapViewOfSection
SSDT 86981A18 ZwOpenEvent
SSDT 869BCBE8 ZwOpenProcess
SSDT 86D49F28 ZwOpenProcessToken
SSDT 86981858 ZwOpenSection
SSDT 869BCAF8 ZwOpenThread
SSDT 86988E00 ZwProtectVirtualMemory
SSDT 86981F48 ZwResumeThread
SSDT 869879F0 ZwSetContextThread
SSDT 86987AD0 ZwSetInformationProcess
SSDT 86981710 ZwSetSystemInformation
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF59F4140]
SSDT 86981938 ZwSuspendProcess
SSDT 86987830 ZwSuspendThread
SSDT 86987218 ZwTerminateProcess
SSDT 86987910 ZwTerminateThread
SSDT 86987BC0 ZwUnmapViewOfSection
SSDT 86987E90 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + F0 804E275C 1 Byte [10]
.text ntoskrnl.exe!_abnormal_termination + 1B0 804E281C 4 Bytes CALL B0D4C03C
.text ntoskrnl.exe!_abnormal_termination + 234 804E28A0 8 Bytes CALL A8D4C470
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[748] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[748] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[748] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[748] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 0426003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011DFAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 04260319
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 042600F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 04260263
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] kernel32.dll!GetVersionExA + D3 7C812C51 7 Bytes JMP 042603CF
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] kernel32.dll!GetProcessHandleCount + 35 7C86229F 7 Bytes JMP 042601AD

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tunmp.sys[NDIS.SYS!NdisMRegisterMiniport] [F72566E9] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\system32\DRIVERS\tunmp.sys[NDIS.SYS!NdisMSetAttributesEx] [F7256A5D] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F7256A5D] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F72566E9] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7256A33] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7256979] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F7256A5D] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F725648A] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F72566E9] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F725648A] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7256979] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7256A33] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F7256A5D] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F72566E9] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F7256A5D] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F72566E9] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F7256A5D] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F72566E9] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F725648A] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7256A33] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7256979] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7256A33] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7256979] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F725648A] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F725648A] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7256979] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7256A33] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [F725648A] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [F7256A33] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [F7256979] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F725648A] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7256A33] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7256979] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\asyncmac.sys[NDIS.SYS!NdisMRegisterMiniport] [F72566E9] IPVNMon.sys (IPVNMon/Visual Networks)
IAT \SystemRoot\System32\DRIVERS\asyncmac.sys[NDIS.SYS!NdisMSetAttributesEx] [F7256A5D] IPVNMon.sys (IPVNMon/Visual Networks)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!CreateProcessW] [58001EDA] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!LdrUnloadDll] [58002580] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!LdrLoadDll] [580024FB] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [58002425] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [58001EDA] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5800271D] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [58001DA8] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [58001EDA] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [58002695] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5800271D] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [58001EDA] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5800271D] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [58001EDA] C:\Program Files\Verizon Online\VisualIPInsight\IPHook32.dll (System Hook DLL/Visual Networks)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3616] @ C:\WINNT\System32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\[email protected] {00020906-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\[email protected] WordDocument
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\[email protected] WordDocument

---- EOF - GMER 1.0.15 ----

#7
maliprog

Sorry for my fast reply. Please read my last post and post logs.

#8
bikeguy08

Hi,
It appears to have worked.
I don't know what you mean by "Cracked" software. If you let me know what it is, I'll remove it.
Thanks

All processes killed
========== OTL ==========
Prefs.js: "http://search.mywebs...kwd&searchfor=" removed from keyword.URL
C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml moved successfully.
C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63df75e4-dc17-11e0-8bc6-000347d27f52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63df75e4-dc17-11e0-8bc6-000347d27f52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63df75e4-dc17-11e0-8bc6-000347d27f52}\ not found.
File C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\ not found.
File C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: BILL
->Temp folder emptied: 15004 bytes
->Temporary Internet Files folder emptied: 1655186 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57827202 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 890 bytes

User: CJ
->Temp folder emptied: 1715 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43286437 bytes
->Flash cache emptied: 470 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathleen Goulet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44126049 bytes
->Flash cache emptied: 470 bytes

User: Kylie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->FireFox cache emptied: 6518363 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 593214 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44945 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 147.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10252011_065820

Files\Folders moved on Reboot...
File\Folder C:\WINNT\temp\Perflib_Perfdata_69c.dat not found!
C:\WINNT\temp\Perflib_Perfdata_7e0.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

C:\Final.Draft.7.Keygen.exe
C:\Final.Draft.7.exe


I see you download/use keygens. As I said before, this is the most likely cause of the infections and problems you are experiencing with your system. I would ask you to remove these files from your system.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#10
bikeguy08

bikeguy08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Interesting. Final Draft is a very popular screenwriting software product. I purchased it legitimately. How is this illegal?
Or are you saying that those particular files are infected somehow?
Uninstalling the program is not really an option.
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Notice the word Keygen inside the file name:

C:\Final.Draft.7.Keygen.exe

That means that you (or someone else) downloaded a keygen for this particular software. Keygens are programs that can provide you a software license in an illegal way.

Uninstalling the program is not really an option.


If you bought a license then it's OK. But if you used a keygen to get a license then you are obligated to remove it because it is illegal. Hope you understand that.

Please post Malwarebytes log after the scan.
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





