========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\1319740493.2396.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.2964.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.3556.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.3588.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.4008.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.836.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.3592.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\1319740493.3384.bin moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.31.0 log created on 10312011_005419
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL logfile created on: 10/31/2011 1:01:07 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.48 Mb Total Physical Memory | 500.07 Mb Available Physical Memory | 48.91% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 79.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.44 Gb Total Space | 72.98 Gb Free Space | 84.43% Space Free | Partition Type: NTFS
Drive D: | 6.71 Gb Total Space | 3.97 Gb Free Space | 59.19% Space Free | Partition Type: FAT32
Computer Name: YOUR-AD5B808096 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
PRC - [2011/10/24 18:49:58 | 001,148,584 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2011/10/24 18:47:24 | 001,538,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2011/10/21 18:54:10 | 000,093,912 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe
PRC - [2011/10/20 18:11:42 | 000,050,128 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2011/07/11 17:06:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/03 16:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe
PRC - [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1310422344\EE\AOLServiceHost.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
========== Modules (No Company Name) ========== MOD - [2011/10/24 18:46:02 | 000,135,088 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\popup.dll
MOD - [2011/10/21 14:04:28 | 001,910,272 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpfr.mdl
MOD - [2011/10/21 14:04:28 | 001,909,760 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2011/10/21 14:04:28 | 001,858,560 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2011/10/21 14:04:28 | 000,952,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2011/10/21 14:04:28 | 000,632,832 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2011/10/21 14:04:28 | 000,444,416 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2011/10/21 14:04:26 | 002,054,144 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2011/10/21 14:04:26 | 000,509,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2011/10/21 14:04:26 | 000,389,632 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2011/10/20 18:14:46 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2011/10/20 18:03:26 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2011/10/20 18:03:18 | 000,249,424 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2011/10/20 18:02:48 | 000,109,856 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2011/10/20 18:02:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2011/10/17 09:43:02 | 000,107,008 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\popup.ui
MOD - [2011/10/17 09:43:02 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2011/10/17 09:43:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2011/10/15 00:07:58 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2011/10/15 00:05:48 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/15 00:05:32 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2011/10/14 23:57:34 | 000,337,992 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/10/07 16:26:02 | 000,574,904 | ---- | M] () -- C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\bdsmartdb.dll
MOD - [2011/08/09 12:16:10 | 000,112,952 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\bdnimbus.dll
MOD - [2011/07/29 11:29:08 | 001,236,176 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\wslib.dll
MOD - [2011/07/14 17:59:24 | 000,074,336 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/05/19 19:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_06506_026\avxdisk.dll
MOD - [2011/03/01 17:46:16 | 000,132,176 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/11/03 16:03:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Common Files\AOL\1310422344\EE\libexpat.dll
MOD - [2004/09/28 03:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/24 18:47:24 | 001,538,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2011/10/20 18:11:42 | 000,050,128 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/10/14 23:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/07/11 17:06:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
========== Driver Services (SafeList) ========== DRV - [2011/10/14 23:57:34 | 000,311,248 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2011/09/29 16:09:50 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/09/01 11:15:08 | 000,454,960 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2011/09/01 11:12:42 | 000,596,600 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2011/07/19 16:20:36 | 000,127,056 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/15 16:11:46 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/07/11 17:13:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/01 17:45:34 | 000,113,232 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/03/01 17:45:32 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2005/02/11 03:52:00 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/02 00:39:20 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/17 08:27:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/30 00:39:00 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/06/28 02:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/28 02:02:34 | 000,034,048 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/06/17 02:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 02:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 02:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.cnn.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Owner.YOUR-AD5B808096\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\
[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011/10/27 15:14:59 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/10/27 22:16:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1310422344\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}
http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC2BACB1-098B-4475-82DD-4E44BFC8B79F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gateway.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/27 20:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/10/31 00:54:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/30 14:36:23 | 004,307,416 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe
[2011/10/30 14:31:20 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe
[2011/10/30 14:23:44 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe
[2011/10/29 01:30:39 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe
[2011/10/29 01:23:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/27 15:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2011/10/27 15:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Bitdefender
[2011/10/27 15:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/10/27 15:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/27 15:02:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/27 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/27 13:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/27 13:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/10/27 13:34:58 | 000,311,248 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/10/27 13:34:57 | 000,353,096 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2011/10/27 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/10/27 13:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\QuickScan
[2011/10/26 20:44:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/26 20:41:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/26 20:41:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/26 20:41:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/26 20:41:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/26 20:41:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/26 20:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 20:40:19 | 004,274,254 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
[2011/10/26 16:59:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/26 16:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Malwarebytes
[2011/10/26 16:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/25 23:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/25 23:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/25 22:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011/10/31 00:56:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 00:56:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/31 00:55:59 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 00:41:14 | 000,000,303 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/31 00:25:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 20:55:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job
[2011/10/30 14:36:39 | 004,307,416 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe
[2011/10/30 14:31:30 | 004,845,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe
[2011/10/30 14:23:53 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe
[2011/10/29 01:30:58 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe
[2011/10/27 22:16:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/27 21:57:49 | 004,274,254 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\ComboFix.exe
[2011/10/27 21:16:27 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/10/27 15:17:10 | 000,246,169 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1319746070.bdinstall.bin
[2011/10/27 15:15:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/10/27 15:15:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/27 15:15:04 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2011/10/27 15:02:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/26 20:44:25 | 000,000,312 | RHS- | M] () -- C:\boot.ini
[2011/10/26 17:00:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\OTL.exe
[2011/10/14 23:57:34 | 000,311,248 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2011/10/11 19:07:50 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:55:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 18:54:50 | 000,442,114 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:54:50 | 000,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2011/10/30 00:42:05 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job
[2011/10/27 21:16:27 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/10/27 15:31:46 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2011/10/27 15:17:10 | 000,246,169 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1319746070.bdinstall.bin
[2011/10/27 15:15:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2011/10/27 15:15:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/10/27 15:15:04 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2012.lnk
[2011/10/27 15:02:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/26 20:44:25 | 000,000,197 | ---- | C] () -- C:\Boot.bak
[2011/10/26 20:44:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/26 20:41:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/26 20:41:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/26 20:41:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/26 20:41:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/26 20:41:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/24 16:35:28 | 000,233,444 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010005.JPG
[2011/10/24 16:35:17 | 000,234,556 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010004.JPG
[2011/10/24 16:35:06 | 000,233,016 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010003.JPG
[2011/10/24 16:34:51 | 000,262,623 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010002.JPG
[2011/10/24 16:34:42 | 000,232,214 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-AD5B808096\My Documents\P1010001.JPG
[2011/08/19 10:35:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/17 13:20:22 | 000,612,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/11 17:12:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/11 17:11:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/07/11 17:06:49 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2011/07/11 16:50:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/07/11 16:30:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/07/11 16:29:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/07/11 16:29:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/07/11 16:29:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/07/11 16:29:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/07/11 16:28:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/07/11 16:28:44 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/11 16:23:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/11 16:15:44 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/07/11 16:15:35 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/07/11 16:15:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/07/11 16:03:15 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/28 12:47:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/27 21:43:40 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/10/27 20:24:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/27 20:14:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/27 19:53:07 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/27 19:53:07 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/10/27 19:52:06 | 000,442,114 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/27 19:52:06 | 000,071,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/27 13:07:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/27 13:06:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ========== [2011/10/27 15:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2011/07/17 12:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/07/11 17:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/27 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\Bitdefender
[2011/07/15 18:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\ElevatedDiagnostics
[2011/10/27 13:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\QuickScan
[2011/07/11 17:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-AD5B808096\Application Data\SampleView
[2011/10/30 20:55:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job
========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\WINDOWS\WindowsUpdate.log:BDU
@Alternate Data Stream - 16 bytes -> C:\WINDOWS\tasks\User_Feed_Synchronization-{58EA9D84-8565-464C-9DCF-59B43ACA0438}.job:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\VEW.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\tdsskiller.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\spsetup113.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner.YOUR-AD5B808096\Desktop\procexp.exe:BDU
< End of report >
Just curious was this caused by the java download? Im going to bed but will check back tomorrow.
Edited by clarissagraff, 31 October 2011 - 12:16 AM.