
Google Redirect Help Needed



#1 R1PJ4CK (New Member, 2 posts)
Hi,

Got the Google redirect/yellowise virus thing going on. Not sure if it's also related, but I have random ads/music coming through my speakers. It won't let me restore or use Rkill, and obviously Malwarebytes isn't finding much either. Ran OTL, see below; thanks in advance for any help you can lend.

OTL logfile created on: 11/7/2011 2:22:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Noel Jacoway\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 57.90% Memory free
3.35 Gb Paging File | 2.76 Gb Available in Paging File | 82.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 889.28 Gb Free Space | 95.47% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOUR-C06F1F61DA | User Name: Noel Jacoway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 14:00:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel Jacoway\Desktop\OTL.exe
PRC - [2011/08/03 04:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTSched.exe
PRC - [2004/01/27 01:59:40 | 000,184,320 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/03 04:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV - [2007/11/21 17:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/10/10 19:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2006/08/09 05:00:00 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/08/09 05:00:00 | 000,192,512 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2006/08/09 05:00:00 | 000,169,472 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/08/09 05:00:00 | 000,099,840 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/08/09 05:00:00 | 000,099,840 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/09 05:00:00 | 000,067,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2006/08/09 05:00:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/09 05:00:00 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/08/09 05:00:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2006/08/09 05:00:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/08/07 19:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/12/08 11:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 11:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



O1 HOSTS File: ([2006/08/09 05:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.182.72.3 66.182.71.3 63.248.1.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15FB6CE-7ABB-4E78-A598-63EE2C1F1F80}: DhcpNameServer = 66.182.72.3 66.182.71.3 63.248.1.19
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/03 13:24:50 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/09 05:00:00 | 000,000,097 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 14:00:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Noel Jacoway\Desktop\OTL.exe
[2011/11/06 23:35:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Noel Jacoway\Recent
[2011/11/02 08:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\Geckofx
[2011/11/02 08:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Firefly Studios
[2011/11/02 08:32:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Noel Jacoway\My Documents\Stronghold Kingdoms
[2011/11/02 08:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/11/01 13:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gates of Andaron
[2011/11/01 13:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge4D
[2011/10/25 21:26:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/10/24 12:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\HorizonWimba
[2011/10/24 12:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/10/24 12:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/24 12:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/24 12:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/24 12:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Sun
[2011/10/21 20:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\riotsGamesLogs
[2011/10/21 20:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\LolClient
[2011/10/21 19:49:36 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/10/21 19:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Riot Games
[2011/10/21 16:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Desktop\LeagueOfLegends
[2011/10/16 17:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Skype
[2011/10/16 17:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/10/16 17:01:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/10/16 17:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/10/15 21:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Mozilla
[2011/10/15 21:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\Turbine
[2011/10/15 21:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbine
[2011/10/15 16:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Desktop\DDO High Res Install Files
[2011/10/15 10:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Ventrilo
[2011/10/15 10:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo
[2011/10/15 10:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/10/15 10:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/10/10 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\AdobeUM
[2011/10/03 13:34:32 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[60 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 14:00:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel Jacoway\Desktop\OTL.exe
[2011/11/07 13:36:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 13:36:25 | 1609,093,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 13:17:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/06 23:36:37 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 23:15:25 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/06 23:12:41 | 000,000,280 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/06 23:12:41 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/06 11:34:05 | 000,444,380 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 11:34:05 | 000,072,076 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 13:44:08 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gates of Andaron.lnk
[2011/10/21 19:53:06 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011/10/15 21:12:52 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\Noel Jacoway\Desktop\DDO Unlimited.lnk
[2011/10/15 10:17:20 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/10/15 10:17:20 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/14 02:18:48 | 000,269,392 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 02:02:33 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[60 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 13:26:55 | 1609,093,120 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/06 23:12:41 | 000,000,280 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/06 23:12:41 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/06 23:12:14 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/01 13:44:08 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gates of Andaron.lnk
[2011/10/21 19:53:06 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011/10/16 17:01:46 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/15 21:12:52 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\Noel Jacoway\Desktop\DDO Unlimited.lnk
[2011/10/15 10:17:20 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/10/15 10:17:17 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/04 20:41:14 | 000,103,535 | -H-- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/10/04 20:41:14 | 000,017,176 | -H-- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/10/03 22:42:50 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\fusioncache.dat
[2011/10/03 17:06:01 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2011/10/03 17:06:01 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/10/03 17:05:39 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2011/10/03 17:05:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2011/10/03 17:05:39 | 000,008,251 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2011/10/03 15:57:35 | 000,280,276 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/03 15:57:35 | 000,280,276 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/03 15:57:35 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/03 15:57:27 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/03 13:37:22 | 000,831,600 | -H-- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2011/10/03 13:37:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2011/10/03 13:30:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/03 13:22:57 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/03 06:19:52 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/10/03 06:18:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/03 06:17:53 | 000,269,392 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/09 05:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/08/09 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/08/09 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/08/09 05:00:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/09 05:00:00 | 000,444,380 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/09 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/08/09 05:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/09 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/08/09 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/08/09 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/08/09 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/08/09 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/08/09 05:00:00 | 000,072,076 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/09 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/08/09 05:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\CMDOW.EXE
[2006/08/09 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/08/09 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/09 05:00:00 | 000,004,486 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/08/09 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/08/09 05:00:00 | 000,001,350 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/08/09 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/11/02 08:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/10/04 19:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/11/07 13:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/10/04 19:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/11/02 08:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel Jacoway\Application Data\Firefly Studios
[2011/10/24 12:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel Jacoway\Application Data\HorizonWimba
[2011/10/21 20:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel Jacoway\Application Data\LolClient
[2011/10/03 16:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Noel Jacoway\Application Data\wargaming.net

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX3\procs\explorer.exe
[2006/08/09 05:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX0\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX1\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX2\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX3\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/08/09 05:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/08/09 05:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX0\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX1\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX2\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX3\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/08/09 05:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX0\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX1\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX2\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Noel Jacoway\Local Settings\Temp\RarSFX3\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< >

< End of report >

#2 RKinner (Malware Expert, MVP, 19,775 posts)
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:processes
killallprocesses

:OTL
[2011/11/06 23:15:25 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/06 23:12:41 | 000,000,280 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/06 23:12:41 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.



ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.



Download aswMBR.exe (511KB) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck "Trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled, not the FixMBR button, and tell me), click "Save log", save it to your desktop and post it in your next reply.


Open OTL again, select the All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.


Ron

#3
R1PJ4CK

    New Member

  • Topic Starter
  • Member
  • 2 posts
Hey Ron, thanks for having a look at this for me. Here you go:

1st OTL run:

========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 7.0.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Audio Console.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative Software AutoUpdate.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative WaveStudio 7.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\SoundFont Bank Manager.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Audio Converter.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Organizer.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Player.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Driver Detective\Driver Detective.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Driver Detective\Help.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Driver Detective\Knowledgebase.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Driver Detective\Uninstall Driver Detective.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Gates of Andaron\Gates of Andaron online.url
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Gates of Andaron\Gates of Andaron.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\InterVideo WinDVD 5\InterVideo WinDVD 5.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Access 2010.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Excel 2010.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft OneNote 2010.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Outlook 2010.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Publisher 2010.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Word 2010.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools\Office Anytime Upgrade.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Riot Games\League of Legends\Play League of Legends.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Skype\Skype.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\SoundMAX\AudioWizard.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\SoundMAX\Control Panel.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\SoundMAX\Help.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\Adobe Reader Speed Launch.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\InterVideo WinCinema Manager.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Turbine\DDO Unlimited\Account Management Website.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Turbine\DDO Unlimited\Atari, Inc..lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Turbine\DDO Unlimited\Community Website.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Turbine\DDO Unlimited\DDO Unlimited.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Turbine\DDO Unlimited\README.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Turbine\DDO Unlimited\Support Website.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Turbine\DDO Unlimited\Uninstall DDO Unlimited.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Turbine\DDO Unlimited\User Manual (pdf).lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\Ventrilo\Ventrilo.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\World of Tanks\Tankopedia.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\World of Tanks\Uninstall World of Tanks.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\World of Tanks\World of Tanks Game Manual.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\World of Tanks\World of Tanks on the Web.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\1\Programs\World of Tanks\World of Tanks.lnk
107 File(s) copied
C:\Documents and Settings\Noel Jacoway\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Noel Jacoway\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\2\System Restore.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
5 File(s) copied
C:\Documents and Settings\Noel Jacoway\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Noel Jacoway\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Noel Jacoway\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Noel Jacoway\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\Adobe Reader 7.0.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\Driver Detective.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\Gates of Andaron.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\InterVideo WinDVD 5.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\Play League of Legends.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\Skype.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\Ventrilo.lnk
C:\DOCUME~1\NOELJA~1\LOCALS~1\Temp\smtmp\4\World of Tanks.lnk
9 File(s) copied
C:\Documents and Settings\Noel Jacoway\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Noel Jacoway\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11072011_224455

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Combofix:

ComboFix 11-11-08.01 - Noel Jacoway 11/07/2011 23:07:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1017 [GMT -7:00]
Running from: c:\documents and settings\Noel Jacoway\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 05:44 . 2011-11-08 05:44 -------- d-----w- C:\_OTL
2011-11-07 06:35 . 2011-11-07 06:35 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-07 06:22 . 2011-11-07 06:34 -------- d-s---w- c:\documents and settings\Administrator
2011-11-02 15:32 . 2011-11-02 15:32 -------- d-----w- c:\documents and settings\Noel Jacoway\Local Settings\Application Data\Geckofx
2011-11-02 15:32 . 2011-11-02 15:32 -------- d-----w- c:\documents and settings\Noel Jacoway\Application Data\Firefly Studios
2011-11-02 15:26 . 2011-11-02 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2011-11-01 20:42 . 2011-11-01 20:42 -------- d-----w- c:\program files\Gameforge4D
2011-10-26 04:26 . 2011-10-26 04:26 -------- d-----w- c:\windows\system32\LogFiles
2011-10-24 19:07 . 2011-10-24 19:07 -------- d-----w- c:\documents and settings\Noel Jacoway\Application Data\HorizonWimba
2011-10-24 19:06 . 2011-10-24 19:06 -------- d-----w- c:\windows\Sun
2011-10-24 19:06 . 2011-10-24 19:06 -------- d-----w- c:\program files\Common Files\Java
2011-10-24 19:06 . 2011-10-24 19:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-24 19:06 . 2011-10-24 19:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 19:06 . 2011-10-24 19:06 -------- d-----w- c:\program files\Java
2011-10-22 03:38 . 2011-11-07 03:30 -------- d-----w- c:\documents and settings\Noel Jacoway\riotsGamesLogs
2011-10-22 03:37 . 2011-10-22 03:37 -------- d-----w- c:\documents and settings\Noel Jacoway\Application Data\LolClient
2011-10-22 02:49 . 2011-10-22 02:49 -------- d-----w- C:\Riot Games
2011-10-17 00:01 . 2011-11-08 05:51 -------- d-----w- c:\documents and settings\Noel Jacoway\Application Data\Skype
2011-10-17 00:01 . 2011-10-17 00:03 -------- d-----r- c:\program files\Skype
2011-10-17 00:01 . 2011-10-17 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-10-16 04:15 . 2011-10-16 04:47 -------- d-----w- c:\documents and settings\Noel Jacoway\Local Settings\Application Data\Turbine
2011-10-15 17:17 . 2011-10-15 20:30 -------- d-----w- c:\documents and settings\Noel Jacoway\Application Data\Ventrilo
2011-10-15 17:17 . 2011-10-15 17:17 -------- d-----w- c:\program files\Ventrilo
2011-10-15 17:16 . 2011-10-15 17:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-10-15 06:30 . 2008-04-14 06:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-10-15 06:30 . 2008-04-14 06:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-10-10 20:07 . 2011-10-10 20:07 -------- d-----w- c:\documents and settings\Noel Jacoway\Application Data\AdobeUM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 00:57 . 2011-10-03 21:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 00:05 . 2011-10-04 00:05 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-04 00:05 . 2011-10-04 00:05 102400 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-26 17:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2006-08-09 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2006-08-09 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-08-09 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-08-09 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2011-10-03 21:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-08-09 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-08-09 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-08-09 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-08-09 12:00 385024 ---ha-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-08-09 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-03 3077528]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-18 53341]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-09 843776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2011-10-3 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56773:TCP"= 56773:TCP:Pando Media Booster
"56773:UDP"= 56773:UDP:Pando Media Booster
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/3/2011 3:57 PM 2255464]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [10/3/2011 6:20 AM 169472]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 66.182.72.3 66.182.71.3 63.248.1.19
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-07 23:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-07 23:56:53
ComboFix-quarantined-files.txt 2011-11-08 06:56
.
Pre-Run: 957,182,533,632 bytes free
Post-Run: 958,665,441,280 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 2CDE9BE233D3C389D564C616D76629CB


TDSSKiller:

06:17:14.0359 1616 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
06:17:14.0640 1616 ============================================================
06:17:14.0640 1616 Current date / time: 2011/11/08 06:17:14.0640
06:17:14.0640 1616 SystemInfo:
06:17:14.0640 1616
06:17:14.0640 1616 OS Version: 5.1.2600 ServicePack: 3.0
06:17:14.0640 1616 Product type: Workstation
06:17:14.0640 1616 ComputerName: YOUR-C06F1F61DA
06:17:14.0640 1616 UserName: Noel Jacoway
06:17:14.0640 1616 Windows directory: C:\WINDOWS
06:17:14.0640 1616 System windows directory: C:\WINDOWS
06:17:14.0640 1616 Processor architecture: Intel x86
06:17:14.0640 1616 Number of processors: 2
06:17:14.0640 1616 Page size: 0x1000
06:17:14.0640 1616 Boot type: Normal boot
06:17:14.0640 1616 ============================================================
06:17:14.0890 1616 Initialize success
06:17:22.0515 1520 ============================================================
06:17:22.0515 1520 Scan started
06:17:22.0515 1520 Mode: Manual;
06:17:22.0515 1520 ============================================================
06:17:23.0093 1520 Abiosdsk - ok
06:17:23.0109 1520 abp480n5 - ok
06:17:23.0156 1520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:17:23.0171 1520 ACPI - ok
06:17:23.0203 1520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:17:23.0203 1520 ACPIEC - ok
06:17:23.0234 1520 ADIHdAudAddService (8ce0a2c740e6e2683b4def4e485ea331) C:\WINDOWS\system32\drivers\ADIHdAud.sys
06:17:23.0234 1520 ADIHdAudAddService - ok
06:17:23.0250 1520 adpu160m - ok
06:17:23.0296 1520 AEAudio (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
06:17:23.0296 1520 AEAudio - ok
06:17:23.0328 1520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:17:23.0328 1520 aec - ok
06:17:23.0359 1520 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:17:23.0375 1520 AFD - ok
06:17:23.0375 1520 Aha154x - ok
06:17:23.0390 1520 aic78u2 - ok
06:17:23.0390 1520 aic78xx - ok
06:17:23.0453 1520 AliIde - ok
06:17:23.0500 1520 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
06:17:23.0500 1520 AmdK8 - ok
06:17:23.0500 1520 amsint - ok
06:17:23.0515 1520 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:17:23.0515 1520 Arp1394 - ok
06:17:23.0531 1520 asc - ok
06:17:23.0531 1520 asc3350p - ok
06:17:23.0546 1520 asc3550 - ok
06:17:23.0609 1520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:17:23.0609 1520 AsyncMac - ok
06:17:23.0625 1520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:17:23.0625 1520 atapi - ok
06:17:23.0640 1520 Atdisk - ok
06:17:23.0656 1520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:17:23.0656 1520 Atmarpc - ok
06:17:23.0703 1520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:17:23.0703 1520 audstub - ok
06:17:23.0734 1520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:17:23.0734 1520 Beep - ok
06:17:23.0796 1520 catchme - ok
06:17:23.0828 1520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:17:23.0828 1520 cbidf2k - ok
06:17:23.0828 1520 cd20xrnt - ok
06:17:23.0843 1520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:17:23.0843 1520 Cdaudio - ok
06:17:23.0859 1520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:17:23.0859 1520 Cdfs - ok
06:17:23.0890 1520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:17:23.0890 1520 Cdrom - ok
06:17:23.0890 1520 Changer - ok
06:17:23.0906 1520 CmdIde - ok
06:17:23.0921 1520 Cpqarray - ok
06:17:24.0000 1520 ctsfm2k (fcbb8ea6fe935d2c531d3a4dee9f985b) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
06:17:24.0000 1520 ctsfm2k - ok
06:17:24.0015 1520 CTUSFSYN (12a7b253f9128b3b68a9979827047b76) C:\WINDOWS\system32\drivers\ctusfsyn.sys
06:17:24.0015 1520 CTUSFSYN - ok
06:17:24.0031 1520 dac2w2k - ok
06:17:24.0031 1520 dac960nt - ok
06:17:24.0078 1520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:17:24.0078 1520 Disk - ok
06:17:24.0125 1520 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:17:24.0140 1520 dmboot - ok
06:17:24.0156 1520 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:17:24.0156 1520 dmio - ok
06:17:24.0187 1520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:17:24.0187 1520 dmload - ok
06:17:24.0187 1520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:17:24.0187 1520 DMusic - ok
06:17:24.0203 1520 dpti2o - ok
06:17:24.0218 1520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:17:24.0218 1520 drmkaud - ok
06:17:24.0234 1520 EagleXNt - ok
06:17:24.0281 1520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:17:24.0296 1520 Fastfat - ok
06:17:24.0312 1520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:17:24.0312 1520 Fdc - ok
06:17:24.0312 1520 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:17:24.0312 1520 Fips - ok
06:17:24.0328 1520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:17:24.0328 1520 Flpydisk - ok
06:17:24.0375 1520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:17:24.0375 1520 FltMgr - ok
06:17:24.0375 1520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:17:24.0375 1520 Fs_Rec - ok
06:17:24.0390 1520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:17:24.0390 1520 Ftdisk - ok
06:17:24.0421 1520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:17:24.0421 1520 Gpc - ok
06:17:24.0453 1520 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:17:24.0453 1520 HDAudBus - ok
06:17:24.0468 1520 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:17:24.0468 1520 hidusb - ok
06:17:24.0468 1520 hpn - ok
06:17:24.0515 1520 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
06:17:24.0515 1520 HPZid412 - ok
06:17:24.0515 1520 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
06:17:24.0515 1520 HPZipr12 - ok
06:17:24.0531 1520 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
06:17:24.0531 1520 HPZius12 - ok
06:17:24.0578 1520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:17:24.0578 1520 HTTP - ok
06:17:24.0593 1520 i2omgmt - ok
06:17:24.0609 1520 i2omp - ok
06:17:24.0609 1520 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
06:17:24.0609 1520 i8042prt - ok
06:17:24.0625 1520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:17:24.0625 1520 Imapi - ok
06:17:24.0640 1520 ini910u - ok
06:17:24.0656 1520 IntelIde - ok
06:17:24.0671 1520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:17:24.0671 1520 Ip6Fw - ok
06:17:24.0703 1520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:17:24.0703 1520 IpFilterDriver - ok
06:17:24.0734 1520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:17:24.0734 1520 IpInIp - ok
06:17:24.0734 1520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:17:24.0750 1520 IpNat - ok
06:17:24.0750 1520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:17:24.0750 1520 IPSec - ok
06:17:24.0781 1520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:17:24.0796 1520 IRENUM - ok
06:17:24.0796 1520 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:17:24.0796 1520 isapnp - ok
06:17:24.0828 1520 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:17:24.0828 1520 Kbdclass - ok
06:17:24.0843 1520 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:17:24.0843 1520 kbdhid - ok
06:17:24.0843 1520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:17:24.0859 1520 kmixer - ok
06:17:24.0875 1520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:17:24.0875 1520 KSecDD - ok
06:17:24.0890 1520 lbrtfdc - ok
06:17:24.0906 1520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:17:24.0906 1520 mnmdd - ok
06:17:24.0937 1520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:17:24.0937 1520 Modem - ok
06:17:24.0937 1520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:17:24.0937 1520 Mouclass - ok
06:17:24.0953 1520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:17:24.0968 1520 mouhid - ok
06:17:24.0968 1520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:17:24.0968 1520 MountMgr - ok
06:17:24.0984 1520 mraid35x - ok
06:17:24.0984 1520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:17:25.0000 1520 MRxDAV - ok
06:17:25.0046 1520 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:17:25.0046 1520 MRxSmb - ok
06:17:25.0062 1520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:17:25.0062 1520 Msfs - ok
06:17:25.0093 1520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:17:25.0093 1520 MSKSSRV - ok
06:17:25.0109 1520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:17:25.0109 1520 MSPCLOCK - ok
06:17:25.0125 1520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:17:25.0125 1520 MSPQM - ok
06:17:25.0140 1520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:17:25.0140 1520 mssmbios - ok
06:17:25.0156 1520 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
06:17:25.0171 1520 MTsensor - ok
06:17:25.0171 1520 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:17:25.0171 1520 Mup - ok
06:17:25.0218 1520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:17:25.0218 1520 NDIS - ok
06:17:25.0265 1520 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:17:25.0265 1520 NdisTapi - ok
06:17:25.0265 1520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:17:25.0281 1520 Ndisuio - ok
06:17:25.0281 1520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:17:25.0296 1520 NdisWan - ok
06:17:25.0312 1520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:17:25.0312 1520 NDProxy - ok
06:17:25.0312 1520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:17:25.0312 1520 NetBIOS - ok
06:17:25.0343 1520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:17:25.0343 1520 NetBT - ok
06:17:25.0375 1520 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:17:25.0375 1520 NIC1394 - ok
06:17:25.0390 1520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:17:25.0390 1520 Npfs - ok
06:17:25.0406 1520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:17:25.0406 1520 Ntfs - ok
06:17:25.0421 1520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:17:25.0421 1520 Null - ok
06:17:25.0656 1520 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:17:25.0875 1520 nv - ok
06:17:25.0968 1520 nvata (b7fb72492b753930ec70a0f49d04f12f) C:\WINDOWS\system32\DRIVERS\nvata.sys
06:17:25.0968 1520 nvata - ok
06:17:25.0968 1520 nvatabus (b7fb72492b753930ec70a0f49d04f12f) C:\WINDOWS\system32\drivers\nvatabus.sys
06:17:25.0968 1520 nvatabus - ok
06:17:26.0015 1520 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
06:17:26.0015 1520 NVENETFD - ok
06:17:26.0015 1520 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
06:17:26.0015 1520 nvnetbus - ok
06:17:26.0046 1520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:17:26.0046 1520 NwlnkFlt - ok
06:17:26.0046 1520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:17:26.0046 1520 NwlnkFwd - ok
06:17:26.0062 1520 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:17:26.0062 1520 ohci1394 - ok
06:17:26.0093 1520 ossrv (3649eefa90990249267dd6c7808cbc86) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
06:17:26.0109 1520 ossrv - ok
06:17:26.0140 1520 P17xfi (06902b5f2a17dddf1282ff402b5bd51b) C:\WINDOWS\system32\drivers\P17xfi.sys
06:17:26.0156 1520 P17xfi - ok
06:17:26.0218 1520 p17xfilt (a782e03a3b54c13fa7c29d33e1c9a044) C:\WINDOWS\system32\drivers\p17xfilt.sys
06:17:26.0265 1520 p17xfilt - ok
06:17:26.0281 1520 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:17:26.0281 1520 Parport - ok
06:17:26.0281 1520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:17:26.0281 1520 PartMgr - ok
06:17:26.0296 1520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:17:26.0296 1520 ParVdm - ok
06:17:26.0312 1520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:17:26.0312 1520 PCI - ok
06:17:26.0312 1520 PCIDump - ok
06:17:26.0328 1520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:17:26.0328 1520 PCIIde - ok
06:17:26.0359 1520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:17:26.0359 1520 Pcmcia - ok
06:17:26.0359 1520 PDCOMP - ok
06:17:26.0375 1520 PDFRAME - ok
06:17:26.0390 1520 PDRELI - ok
06:17:26.0390 1520 PDRFRAME - ok
06:17:26.0406 1520 perc2 - ok
06:17:26.0406 1520 perc2hib - ok
06:17:26.0453 1520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:17:26.0453 1520 PptpMiniport - ok
06:17:26.0468 1520 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
06:17:26.0468 1520 Processor - ok
06:17:26.0484 1520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:17:26.0484 1520 PSched - ok
06:17:26.0500 1520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:17:26.0500 1520 Ptilink - ok
06:17:26.0500 1520 ql1080 - ok
06:17:26.0515 1520 Ql10wnt - ok
06:17:26.0531 1520 ql12160 - ok
06:17:26.0531 1520 ql1240 - ok
06:17:26.0546 1520 ql1280 - ok
06:17:26.0546 1520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:17:26.0546 1520 RasAcd - ok
06:17:26.0562 1520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:17:26.0562 1520 Rasl2tp - ok
06:17:26.0578 1520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:17:26.0578 1520 RasPppoe - ok
06:17:26.0578 1520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:17:26.0578 1520 Raspti - ok
06:17:26.0609 1520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:17:26.0609 1520 Rdbss - ok
06:17:26.0609 1520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:17:26.0609 1520 RDPCDD - ok
06:17:26.0687 1520 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
06:17:26.0687 1520 RDPWD - ok
06:17:26.0718 1520 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:17:26.0734 1520 redbook - ok
06:17:26.0765 1520 RTLWUSB (26b8b7b8afd1bc7a447144fa3a2a21a5) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
06:17:26.0765 1520 RTLWUSB - ok
06:17:26.0796 1520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:17:26.0796 1520 Secdrv - ok
06:17:26.0828 1520 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
06:17:26.0843 1520 SenFiltService - ok
06:17:26.0859 1520 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:17:26.0859 1520 serenum - ok
06:17:26.0875 1520 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:17:26.0875 1520 Serial - ok
06:17:26.0890 1520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:17:26.0890 1520 Sfloppy - ok
06:17:26.0921 1520 SI3132 (9604998d0c578608151b6e59266fcae1) C:\WINDOWS\system32\DRIVERS\SI3132.sys
06:17:26.0937 1520 SI3132 - ok
06:17:26.0953 1520 Si3132r5 (665b71a33d967f87c6a58287da2eb54a) C:\WINDOWS\system32\drivers\Si3132r5.sys
06:17:26.0953 1520 Si3132r5 - ok
06:17:26.0968 1520 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
06:17:26.0968 1520 SiFilter - ok
06:17:26.0984 1520 Simbad - ok
06:17:26.0984 1520 Sparrow - ok
06:17:27.0015 1520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:17:27.0031 1520 splitter - ok
06:17:27.0031 1520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:17:27.0031 1520 sr - ok
06:17:27.0062 1520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:17:27.0062 1520 Srv - ok
06:17:27.0078 1520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:17:27.0078 1520 swenum - ok
06:17:27.0109 1520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:17:27.0125 1520 swmidi - ok
06:17:27.0125 1520 symc810 - ok
06:17:27.0140 1520 symc8xx - ok
06:17:27.0140 1520 sym_hi - ok
06:17:27.0156 1520 sym_u3 - ok
06:17:27.0187 1520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:17:27.0187 1520 sysaudio - ok
06:17:27.0218 1520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:17:27.0234 1520 Tcpip - ok
06:17:27.0250 1520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:17:27.0250 1520 TDPIPE - ok
06:17:27.0265 1520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:17:27.0265 1520 TDTCP - ok
06:17:27.0281 1520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:17:27.0281 1520 TermDD - ok
06:17:27.0296 1520 TosIde - ok
06:17:27.0343 1520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:17:27.0343 1520 Udfs - ok
06:17:27.0359 1520 ultra - ok
06:17:27.0375 1520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:17:27.0375 1520 Update - ok
06:17:27.0437 1520 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:17:27.0437 1520 usbaudio - ok
06:17:27.0453 1520 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:17:27.0468 1520 usbccgp - ok
06:17:27.0468 1520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:17:27.0468 1520 usbehci - ok
06:17:27.0484 1520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:17:27.0484 1520 usbhub - ok
06:17:27.0500 1520 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
06:17:27.0500 1520 usbohci - ok
06:17:27.0515 1520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:17:27.0515 1520 usbprint - ok
06:17:27.0531 1520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:17:27.0531 1520 usbscan - ok
06:17:27.0531 1520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:17:27.0546 1520 USBSTOR - ok
06:17:27.0546 1520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:17:27.0546 1520 VgaSave - ok
06:17:27.0562 1520 ViaIde - ok
06:17:27.0562 1520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:17:27.0562 1520 VolSnap - ok
06:17:27.0578 1520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:17:27.0578 1520 Wanarp - ok
06:17:27.0593 1520 WDICA - ok
06:17:27.0609 1520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:17:27.0609 1520 wdmaud - ok
06:17:27.0671 1520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
06:17:27.0703 1520 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
06:17:27.0703 1520 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
06:17:27.0703 1520 Boot (0x1200) (04e7385f2d29228fd071a41f0dfc8087) \Device\Harddisk0\DR0\Partition0
06:17:27.0703 1520 \Device\Harddisk0\DR0\Partition0 - ok
06:17:27.0703 1520 ============================================================
06:17:27.0703 1520 Scan finished
06:17:27.0703 1520 ============================================================
06:17:27.0718 2632 Detected object count: 1
06:17:27.0718 2632 Actual detected object count: 1
06:18:02.0500 2632 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
06:18:02.0500 2632 \Device\Harddisk0\DR0 - ok
06:18:02.0500 2632 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
06:18:06.0156 3836 Deinitialize success


aswMBR (Fix was NOT enabled after running):

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-08 06:25:02
-----------------------------
06:25:02.796 OS Version: Windows 5.1.2600 Service Pack 3
06:25:02.796 Number of processors: 2 586 0x4B02
06:25:02.796 ComputerName: YOUR-C06F1F61DA UserName: Noel Jacoway
06:25:03.906 Initialize success
06:25:44.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
06:25:44.312 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
06:25:44.328 Disk 0 MBR read successfully
06:25:44.328 Disk 0 MBR scan
06:25:44.328 Disk 0 Windows XP default MBR code
06:25:44.328 Disk 0 scanning sectors +1953504000
06:25:44.390 Disk 0 scanning C:\WINDOWS\system32\drivers
06:25:48.593 Service scanning
06:25:49.500 Modules scanning
06:25:52.187 Scan finished successfully
06:26:55.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Noel Jacoway\Desktop\MBR.dat"
06:26:55.671 The log file has been saved successfully to "C:\Documents and Settings\Noel Jacoway\Desktop\aswMBR.txt"


OTL 2nd Run:

OTL logfile created on: 11/8/2011 6:27:38 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Noel Jacoway\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 60.82% Memory free
3.35 Gb Paging File | 2.88 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 892.59 Gb Free Space | 95.82% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOUR-C06F1F61DA | User Name: Noel Jacoway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 14:00:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel Jacoway\Desktop\OTL.exe
PRC - [2011/10/03 14:33:22 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/03 04:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTSched.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 14:33:22 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/08 08:59:08 | 000,137,216 | ---- | M] () -- C:\WINDOWS\system32\OemSpi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/03 04:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV - [2007/11/21 17:06:26 | 001,174,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/10/10 19:31:08 | 001,664,384 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2006/08/09 05:00:00 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/08/09 05:00:00 | 000,192,512 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2006/08/09 05:00:00 | 000,169,472 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006/08/09 05:00:00 | 000,099,840 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/08/09 05:00:00 | 000,099,840 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/09 05:00:00 | 000,067,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2006/08/09 05:00:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/09 05:00:00 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/08/09 05:00:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2006/08/09 05:00:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/08/07 19:30:52 | 000,162,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/12/08 11:54:52 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 11:54:44 | 000,142,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



O1 HOSTS File: ([2011/11/07 23:41:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.182.72.3 66.182.71.3 63.248.1.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15FB6CE-7ABB-4E78-A598-63EE2C1F1F80}: DhcpNameServer = 66.182.72.3 66.182.71.3 63.248.1.19
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/03 13:24:50 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/09 05:00:00 | 000,000,097 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 06:24:46 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Noel Jacoway\Desktop\aswMBR.exe
[2011/11/08 06:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Desktop\tdsskiller
[2011/11/07 23:01:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/07 22:56:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/07 22:56:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/07 22:56:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/07 22:56:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/07 22:55:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/07 22:54:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/07 22:53:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/07 22:53:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Noel Jacoway\Start Menu\Programs\Administrative Tools
[2011/11/07 22:44:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/07 22:39:04 | 004,285,205 | R--- | C] (Swearware) -- C:\Documents and Settings\Noel Jacoway\Desktop\ComboFix.exe
[2011/11/07 14:00:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Noel Jacoway\Desktop\OTL.exe
[2011/11/06 23:35:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Noel Jacoway\Recent
[2011/11/02 08:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\Geckofx
[2011/11/02 08:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Firefly Studios
[2011/11/02 08:32:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Noel Jacoway\My Documents\Stronghold Kingdoms
[2011/11/02 08:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/11/01 13:44:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gates of Andaron
[2011/11/01 13:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge4D
[2011/10/25 21:26:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/10/24 12:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\HorizonWimba
[2011/10/24 12:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/10/24 12:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/24 12:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/24 12:06:10 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/24 12:06:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/24 12:06:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/24 12:06:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/24 12:06:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/24 12:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/24 12:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Sun
[2011/10/21 20:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\riotsGamesLogs
[2011/10/21 20:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\LolClient
[2011/10/21 19:49:36 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/10/21 19:49:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Riot Games
[2011/10/21 16:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Desktop\LeagueOfLegends
[2011/10/16 17:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Skype
[2011/10/16 17:01:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/10/16 17:01:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/10/16 17:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/10/15 21:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Mozilla
[2011/10/15 21:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\Turbine
[2011/10/15 21:12:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Turbine
[2011/10/15 16:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Desktop\DDO High Res Install Files
[2011/10/15 10:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\Ventrilo
[2011/10/15 10:17:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo
[2011/10/15 10:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/10/15 10:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/10/14 23:30:26 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/10/10 13:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Noel Jacoway\Application Data\AdobeUM
[2011/10/03 13:34:32 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[60 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 06:26:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Noel Jacoway\Desktop\MBR.dat
[2011/11/08 06:25:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Noel Jacoway\Desktop\aswMBR.exe
[2011/11/08 06:19:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/08 06:19:33 | 1609,093,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 06:16:46 | 001,545,191 | ---- | M] () -- C:\Documents and Settings\Noel Jacoway\Desktop\tdsskiller.zip
[2011/11/07 23:41:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/07 23:01:43 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/11/07 22:39:13 | 004,285,205 | R--- | M] (Swearware) -- C:\Documents and Settings\Noel Jacoway\Desktop\ComboFix.exe
[2011/11/07 14:00:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Noel Jacoway\Desktop\OTL.exe
[2011/11/06 23:36:37 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 23:12:18 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\Noel Jacoway\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/06 11:34:05 | 000,444,380 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 11:34:05 | 000,072,076 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/03 12:55:34 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/01 13:44:08 | 000,000,820 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Gates of Andaron.lnk
[2011/10/24 12:06:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/24 12:06:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/24 12:06:03 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/24 12:06:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/24 12:06:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/21 19:53:06 | 000,001,614 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011/10/18 17:57:54 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/15 21:12:52 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\Noel Jacoway\Desktop\DDO Unlimited.lnk
[2011/10/15 10:17:20 | 000,000,630 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/10/14 02:18:48 | 000,269,392 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 02:02:33 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[60 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/08 06:26:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Noel Jacoway\Desktop\MBR.dat
[2011/11/08 06:16:40 | 001,545,191 | ---- | C] () -- C:\Documents and Settings\Noel Jacoway\Desktop\tdsskiller.zip
[2011/11/07 23:01:41 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/11/07 23:01:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/07 22:56:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/07 22:56:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/07 22:56:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/07 22:56:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/07 22:56:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/07 22:45:02 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\Noel Jacoway\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/07 22:45:02 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Noel Jacoway\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/07 13:26:55 | 1609,093,120 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/01 13:44:08 | 000,000,820 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Gates of Andaron.lnk
[2011/10/21 19:53:06 | 000,001,614 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011/10/16 17:01:46 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/15 21:12:52 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\Noel Jacoway\Desktop\DDO Unlimited.lnk
[2011/10/15 10:17:20 | 000,000,630 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/10/04 20:41:14 | 000,103,535 | -H-- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/10/04 20:41:14 | 000,017,176 | -H-- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/10/03 22:42:50 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Noel Jacoway\Local Settings\Application Data\fusioncache.dat
[2011/10/03 17:06:01 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2011/10/03 17:06:01 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/10/03 17:05:39 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2011/10/03 17:05:39 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2011/10/03 17:05:39 | 000,008,251 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2011/10/03 15:57:35 | 000,280,276 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/03 15:57:35 | 000,280,276 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/03 15:57:35 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/10/03 15:57:27 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/03 13:37:22 | 000,831,600 | -H-- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2011/10/03 13:37:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2011/10/03 13:30:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/03 13:22:57 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/03 06:19:52 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/10/03 06:18:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/03 06:17:53 | 000,269,392 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/09 05:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/08/09 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/08/09 05:00:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/09 05:00:00 | 000,444,380 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/09 05:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/09 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/08/09 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/08/09 05:00:00 | 000,072,076 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/09 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/08/09 05:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\CMDOW.EXE
[2006/08/09 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/08/09 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/09 05:00:00 | 000,004,486 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/08/09 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/08/09 05:00:00 | 000,001,350 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/08/09 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

OTL Extra Text:

OTL Extras logfile created on: 11/8/2011 6:27:38 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Noel Jacoway\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 60.82% Memory free
3.35 Gb Paging File | 2.88 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 892.59 Gb Free Space | 95.82% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOUR-C06F1F61DA | User Name: Noel Jacoway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56773:TCP" = 56773:TCP:*:Enabled:Pando Media Booster
"56773:UDP" = 56773:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56773:TCP" = 56773:TCP:*:Enabled:Pando Media Booster
"56773:UDP" = 56773:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Games\World_of_Tanks\WOTLauncher.exe" = C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher -- (Wargaming.net)
"C:\Games\World_of_Tanks\WorldOfTanks.exe" = C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks -- (Wargaming.net)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio Console
"bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.16.00.803
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"gatesofandaron_is1" = Gates of Andaron 3.5
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.SingleImage" = Microsoft Office Professional 2010
"SFBM" = SoundFont Bank Manager
"WaveStudio 7" = Creative WaveStudio 7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
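To make a log like the one above easier to read, here is an added Python example (not part of this thread and not OTL's own code) that parses OTL's file-entry and registry-value lines and flags the items a helper looks at first: a rewritten hosts file, no-company binaries under C:\WINDOWS, and Security Center or firewall settings that have been switched off. The sample input is constructed from a few lines of the log above; the triage rules are the example's own heuristics, not verdicts.

```python
"""Parse an OTL log and flag entries worth a closer look (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")              # [HKEY_...] header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')  # "Name" = data

@dataclass
class FileEntry:
    when: datetime
    size: int
    attrs: str    # e.g. -HS- = hidden + system
    kind: str     # 'C' created, 'M' modified
    company: str  # empty when OTL found no company name
    path: str

def parse_file_entry(line):
    """Return a FileEntry for an OTL file line, or None for any other line."""
    m = FILE_RE.match(line)
    if not m:
        return None
    return FileEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                     int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                     m["company"].strip(), m["path"])

def parse_otl(text):
    """Return (file entries, {(registry key, value name): data}) from OTL text."""
    files, values, key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (km := KEY_RE.match(line)):
            key = km["key"]
        elif (entry := parse_file_entry(line)):
            files.append(entry)
        elif key and (vm := VALUE_RE.match(line)):
            values[(key, vm["name"])] = vm["value"].strip()
    return files, values

# Triage rules below are this example's own heuristics, not OTL's verdicts.
SYSTEM_DIR = "c:\\windows\\"
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl")
SEC_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW_STD = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
          r"\Parameters\FirewallPolicy\StandardProfile")

def triage(files, values):
    """List human-readable findings; each still needs an analyst's judgement."""
    findings = []
    for f in files:
        low = f.path.lower()
        if low.endswith("\\drivers\\etc\\hosts"):
            # A hosts file far smaller than the stock one has been rewritten,
            # whether by a redirector or by a cleanup tool resetting it.
            what = "created" if f.kind == "C" else "modified"
            findings.append(f"hosts file {what} {f.when:%Y-%m-%d}, {f.size} bytes")
        elif low.startswith(SYSTEM_DIR) and low.endswith(EXEC_EXT) and not f.company:
            # Cross-check each hit against tools the user ran before calling it bad.
            findings.append(f"no-company binary in system dir: {f.path}")
    if values.get((SEC_CENTER, "AntiVirusOverride")) == "1":
        findings.append("Security Center: AntiVirusOverride = 1 (AV status alerts suppressed)")
    if values.get((FW_STD, "EnableFirewall")) == "0":
        findings.append("Windows Firewall: EnableFirewall = 0 in StandardProfile")
    return findings

# Constructed sample: a few lines copied from the log above.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2011/11/07 23:41:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/24 12:06:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/07 22:56:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/03 13:34:32 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    for finding in triage(*parse_otl(SAMPLE_LOG)):
        print(finding)
```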
#4
RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Rerun TDSSKiller to make sure that it was able to remove the rootkit that it found.

Download and Save unhide.exe

http://download.blee...nler/unhide.exe

then Run it.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started).

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

How is it running now?

Ron