USPS Email Virus


  • This topic is locked

#1
bikeguy08

Opened an email from what appeared to be the USPS. Clicked on the attachment and my Norton 360 immediately popped up stating that it was stopping an intrusion. PC worked fine for a few minutes, then I got bombarded with hard drive error and damage pop-ups, then my desktop went blank and my startup menu showed empty. I immediately ran my Norton and it is currently running. Can't open and run Malwarebytes as it disappeared.

#2
Essexboy

    GeekU Moderator
Hi there, download the following programmes to your desktop. To get them to run, press the Windows+R keys together and type in the programme's name.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe (windows+R and type in roguekiller.exe)
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
bikeguy08

Can't download RogueKiller. Is there an English version of the RogueKiller website?

#4
bikeguy08

Windows+R added rouguekiller.exe, got an error message telling me to check the spelling. Entered winlogon.exe and nothing happened.

#5
Essexboy

    GeekU Moderator
Ah, you spelt it wrong: roguekiller.exe

Here is a copy [attachment=53480:RogueKiller.zip]
Extract the file to your root C drive and then go Windows+R and type Roguekiller.exe

#6
bikeguy08

Roguekiller results

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: BILL [Admin rights]
Mode: Remove -- Date : 11/09/2011 17:52:49

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] GWMDMMSG.exe -- C:\WINNT\GWMDMMSG.exe -> KILLED [TermProc]
[SUSP PATH] netsession_win.exe -- C:\Documents and Settings\BILL\Local Settings\Application Data\Akamai\netsession_win.exe -> KILLED [TermProc]
[SUSP PATH] netsession_win.exe -- C:\Documents and Settings\BILL\Local Settings\Application Data\Akamai\netsession_win.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Akamai NetSession Interface (C:\Documents and Settings\BILL\Local Settings\Application Data\Akamai\netsession_win.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : GWMDMpi (C:\WINNT\GWMDMpi.exe) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\BILL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[66] : NtDeviceIoControlFile @ 0x805795B9 -> HOOKED (IPVNMon.sys @ 0xF7256B23)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
˙ž1

Finished : << RKreport[1].txt >>
RKreport[1].txt

#7
bikeguy08

OTL logfile created on: 10/24/2011 8:16:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\BILL\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 331.57 Mb Available Physical Memory | 32.40% Memory free
1.28 Gb Paging File | 0.55 Gb Available in Paging File | 42.90% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 2.65 Gb Free Space | 7.12% Space Free | Partition Type: NTFS

Computer Name: S0026081863 | User Name: BILL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 20:15:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BILL\My Documents\Downloads\OTL.scr
PRC - [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/23 23:08:36 | 000,270,160 | ---- | M] (Highwind Software) -- C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2002/03/18 09:34:42 | 000,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
PRC - [2002/03/18 09:34:42 | 000,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\ipmon32.exe
PRC - [2001/11/27 09:55:50 | 000,101,615 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/17 18:02:16 | 003,552,856 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll
MOD - [2011/10/03 16:19:30 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/23 18:11:10 | 006,277,280 | ---- | M] () -- C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PictureTaker)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/17 18:02:16 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - [2011/10/14 19:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111014.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/23 00:17:32 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111021.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/08/07 13:08:43 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111023.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/07 13:08:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111023.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 18:58:34 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 18:58:34 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/06 16:04:37 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/26 23:40:40 | 000,057,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\C771BUS.sys -- (C771BUS)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/11/27 09:55:50 | 001,143,360 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2001/08/17 15:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.spincycl...s/sso/login.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "mail.spincycleservices.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.31.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/09/29 07:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_2_3 [2011/10/24 17:01:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 16:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/12 15:04:45 | 000,000,000 | ---D | M]

[2011/05/11 06:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Extensions
[2011/07/29 17:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions
[2011/05/11 06:50:38 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\[email protected]
[2010/03/24 16:57:36 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\bing.xml
[2011/10/14 19:10:12 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml
[2011/08/18 14:36:47 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml
[2011/08/31 09:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/29 13:46:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 17:01:38 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN_2011_7_2_3
[2011/09/29 07:43:04 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
[2011/05/11 14:36:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 16:19:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/06/16 09:19:59 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2011/07/29 13:49:48 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/03 16:19:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/07/29 09:56:46 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe ()
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TuneSync] C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe (Highwind Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...83/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1205768523015 (MUWebControl Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.a...,20/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54254FD0-E060-4E67-9C60-B3657573DFBE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BILL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/01 23:02:02 | 000,000,002 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/18 20:15:18 | 004,300,044 | ---- | M] () - C:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2002/05/02 14:44:42 | 000,000,105 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell - "" = AutoRun
O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{63df75e4-dc17-11e0-8bc6-000347d27f52}\Shell\AutoRun\command - "" = C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2e8b255-dbab-11e0-8bc5-000347d27f52}\Shell\AutoRun\command - "" = C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 17:12:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BILL\Recent
[2 C:\Documents and Settings\BILL\Desktop\*.tmp files -> C:\Documents and Settings\BILL\Desktop\*.tmp -> ]
[19 C:\Documents and Settings\BILL\My Documents\*.tmp files -> C:\Documents and Settings\BILL\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\BILL\*.tmp files -> C:\Documents and Settings\BILL\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/24 17:12:15 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/10/24 17:00:46 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/10/24 17:00:36 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 15:30:04 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/10/20 19:07:25 | 000,104,892 | ---- | M] () -- C:\Documents and Settings\BILL\My Documents\CJ.JPG
[2011/10/17 18:04:54 | 000,066,228 | -H-- | M] () -- C:\WINNT\System32\mlfcache.dat
[2011/10/14 16:59:36 | 000,308,400 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2011/10/14 07:10:12 | 000,437,864 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/10/14 07:10:12 | 000,068,090 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011/10/10 12:42:54 | 000,012,902 | ---- | M] () -- C:\Documents and Settings\BILL\Desktop\41MAYAF2H8L._SL500_AA300_.jpg
[2011/09/27 16:45:32 | 000,000,280 | ---- | M] () -- C:\{15E40580-1101-457F-83B3-C14E9219901C}
[2011/09/26 16:00:49 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2 C:\Documents and Settings\BILL\Desktop\*.tmp files -> C:\Documents and Settings\BILL\Desktop\*.tmp -> ]
[19 C:\Documents and Settings\BILL\My Documents\*.tmp files -> C:\Documents and Settings\BILL\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\BILL\*.tmp files -> C:\Documents and Settings\BILL\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/20 19:07:25 | 000,104,892 | ---- | C] () -- C:\Documents and Settings\BILL\My Documents\CJ.JPG
[2011/10/10 12:42:50 | 000,012,902 | ---- | C] () -- C:\Documents and Settings\BILL\Desktop\41MAYAF2H8L._SL500_AA300_.jpg
[2011/09/27 16:45:32 | 000,000,280 | ---- | C] () -- C:\{15E40580-1101-457F-83B3-C14E9219901C}
[2011/09/26 16:00:49 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2011/09/10 11:02:21 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2011/08/05 14:34:48 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2011/07/23 11:24:17 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2010/06/13 13:48:38 | 001,103,360 | ---- | C] () -- C:\WINNT\System32\cidfont.dll
[2010/06/13 13:48:36 | 004,369,408 | ---- | C] () -- C:\WINNT\System32\pdftk.exe
[2010/06/13 13:48:36 | 000,235,008 | ---- | C] () -- C:\WINNT\System32\office.exe
[2010/06/03 15:15:32 | 000,021,124 | ---- | C] () -- C:\WINNT\hpomdl07.dat.temp
[2010/03/18 20:31:41 | 000,000,048 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
[2010/02/11 07:06:29 | 000,000,183 | ---- | C] () -- C:\WINNT\System32\MRT.INI
[2010/01/29 18:56:42 | 000,066,228 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2009/12/20 16:26:32 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\MSVolumeAMP.dll
[2009/12/07 21:00:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgpdf2.dll
[2009/09/29 12:54:57 | 000,000,227 | ---- | C] () -- C:\WINNT\HP_CounterReport_Update_HPSU.ini
[2008/12/07 19:50:20 | 000,113,168 | ---- | C] () -- C:\WINNT\hpoins07.dat
[2008/12/07 19:50:20 | 000,021,124 | ---- | C] () -- C:\WINNT\hpomdl07.dat
[2008/12/07 12:44:03 | 000,000,214 | ---- | C] () -- C:\WINNT\HP_48BitScanUpdatePatch.ini
[2008/12/04 21:36:24 | 000,000,221 | ---- | C] () -- C:\WINNT\HP_RedboxHprblog_HPSU.ini
[2008/11/25 12:07:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BILL\Application Data\AVSMediaPlayer.m3u
[2008/11/25 12:03:47 | 000,524,288 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2008/11/25 12:03:47 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2008/06/02 14:40:50 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\BILL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/06 08:31:43 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2008/03/11 12:55:13 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/13 09:55:26 | 000,000,071 | ---- | C] () -- C:\WINNT\C64.ini
[2007/08/13 09:53:16 | 000,000,182 | ---- | C] () -- C:\WINNT\System32\EBPPORT4.DAT
[2007/05/14 08:17:34 | 000,126,976 | ---- | C] () -- C:\WINNT\System32\unzdll.dll
[2007/03/29 13:37:15 | 000,091,648 | ---- | C] () -- C:\WINNT\gzip.exe
[2007/03/09 10:04:25 | 000,000,010 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/10/27 19:07:57 | 000,000,848 | ---- | C] () -- C:\WINNT\Hbcwty01.ini
[2005/10/27 19:03:48 | 000,000,015 | ---- | C] () -- C:\WINNT\wgedit.ini
[2005/03/02 22:49:48 | 000,000,715 | ---- | C] () -- C:\WINNT\aolback.exe.lnk
[2005/01/12 20:53:41 | 000,000,988 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2004/12/28 10:30:46 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/08 19:15:03 | 000,000,171 | ---- | C] () -- C:\WINNT\WININIT.INI
[2004/09/08 19:14:59 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2004/06/04 20:44:56 | 000,000,145 | ---- | C] () -- C:\WINNT\System32\EBPPORT3.DAT
[2003/08/26 17:13:44 | 000,000,026 | ---- | C] () -- C:\WINNT\UP9ASP.INI
[2003/08/15 13:38:21 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/05/19 18:33:00 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2003/03/01 20:59:06 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\wh2robo.dll
[2003/03/01 20:59:06 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\regobj.dll
[2002/11/30 09:17:46 | 000,000,218 | ---- | C] () -- C:\WINNT\disney.ini
[2002/11/05 18:49:39 | 000,000,145 | ---- | C] () -- C:\WINNT\SYMGAMES.INI
[2002/10/27 13:52:08 | 000,000,532 | ---- | C] () -- C:\WINNT\eReg.dat
[2002/05/25 08:58:31 | 000,000,010 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2002/05/25 08:58:27 | 000,000,042 | ---- | C] () -- C:\WINNT\ka.INI
[2002/05/10 16:54:14 | 000,000,950 | ---- | C] () -- C:\WINNT\hegames.ini
[2002/02/23 21:33:18 | 000,045,568 | ---- | C] () -- C:\WINNT\UniFish3.exe
[2002/02/10 13:37:58 | 000,000,903 | ---- | C] () -- C:\WINNT\PowerReg.dat
[2002/02/10 13:36:40 | 000,000,023 | ---- | C] () -- C:\WINNT\EPSC80.ini
[2002/02/01 23:02:39 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/02/01 22:45:04 | 000,000,699 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/01/11 15:15:24 | 000,109,056 | ---- | C] () -- C:\WINNT\UNWISE32.EXE
[2002/01/11 15:15:24 | 000,082,864 | ---- | C] () -- C:\WINNT\UNWISE.EXE
[2002/01/11 15:15:24 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise32.ini
[2002/01/11 15:15:24 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise.ini
[2002/01/11 15:15:23 | 000,377,600 | ---- | C] () -- C:\WINNT\System32\BOCOLE.DLL
[2002/01/11 15:15:23 | 000,167,456 | ---- | C] () -- C:\WINNT\System32\Bocof.dll
[2002/01/11 15:14:57 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/01/11 15:12:44 | 000,040,960 | ---- | C] () -- C:\WINNT\uneng.exe
[2002/01/11 14:11:36 | 000,040,960 | ---- | C] () -- C:\WINNT\GWMDMpi.exe
[2001/10/09 15:08:15 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2001/10/09 14:54:47 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2001/10/09 14:47:40 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2001/10/09 14:40:34 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2001/10/09 14:39:46 | 000,308,400 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2000/09/13 22:03:00 | 000,000,145 | ---- | C] () -- C:\WINNT\System32\EBPPORT.DAT
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\vidx16.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,437,864 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,068,090 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== LOP Check ==========

[2011/07/29 13:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/05/11 06:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2011/05/11 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2011/05/11 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/05/11 06:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2011/05/11 06:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/11 06:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2011/05/11 06:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/11 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/05/11 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/11 06:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Aim
[2011/07/30 19:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Amazon
[2011/07/29 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\BabylonToolbar
[2011/05/11 06:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\com.constantcontact.add.to.constant.contact.93436992F81E3F56888A803A704436FF5667EB0D.1
[2011/05/11 06:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Final Draft
[2011/05/11 06:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\GetRightToGo
[2011/05/11 06:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Image Zone Express
[2011/05/11 06:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\InterTrust
[2011/05/11 06:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\LimeWire
[2011/05/11 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\MSNInstaller
[2011/05/11 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\OverDrive
[2011/05/11 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Smart PDF Converter Pro
[2011/05/11 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Snapfish
[2011/07/23 19:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Tific

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/03/18 20:15:18 | 004,300,044 | ---- | M] () -- C:\Autorun.exe
[2004/06/28 02:05:18 | 027,387,392 | ---- | M] () -- C:\fd70040.exe
[2003/10/01 14:18:32 | 008,072,192 | ---- | M] () -- C:\Final Draft AV 2 Demo.exe
[2008/09/08 10:25:43 | 065,324,566 | ---- | M] () -- C:\Final.Draft.7.exe
[2004/07/09 20:57:16 | 000,049,152 | ---- | M] () -- C:\Final.Draft.7.Keygen.exe
[2003/03/27 15:20:28 | 001,294,296 | ---- | M] (Macromedia, Inc.) -- C:\FinalDraftAV.exe
[2009/06/16 09:16:26 | 000,243,048 | ---- | M] () -- C:\hkinstaller.exe
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2004/04/07 18:07:02 | 027,332,608 | ---- | M] () -- C:\setup.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINNT\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINNT\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINNT\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINNT\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINNT\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINNT\$NtServicePackUninstall$\winlogon.exe
[2001/08/18 14:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINNT\$NtUninstallKB841533$\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINNT\$hf_mig$\KB840987\SP1QFE\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINNT\$hf_mig$\KB841533\SP1QFE\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 16:19:25 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 16:19:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 1125 bytes -> C:\Documents and Settings\BILL\My Documents\Fwd_Fw_Pleasesendback.eml:OECustomProperty

< End of report >

#8
bikeguy08

The OTL scan didn't produce an EXTRAS log

#9
bikeguy08

Hello?

#10
Essexboy

OK, could you let me know what the problems are on completion of this run?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="
    [2011/10/14 19:10:12 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml
    [2011/08/18 14:36:47 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml
    O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
    [2004/03/18 20:15:18 | 004,300,044 | ---- | M] () -- C:\Autorun.exe
    [2004/06/28 02:05:18 | 027,387,392 | ---- | M] () -- C:\fd70040.exe
    [2004/07/09 20:57:16 | 000,049,152 | ---- | M] () -- C:\Final.Draft.7.Keygen.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


#11
bikeguy08

All processes killed
========== OTL ==========
Prefs.js: "http://search.mywebs...kwd&searchfor=" removed from keyword.URL
File C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml not found.
C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ not found.
C:\Autorun.exe moved successfully.
C:\fd70040.exe moved successfully.
C:\Final.Draft.7.Keygen.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\BILL\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\BILL\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: BILL
->Temp folder emptied: 3121 bytes
->Temporary Internet Files folder emptied: 788481 bytes
->Java cache emptied: 222110 bytes
->FireFox cache emptied: 48094940 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 611 bytes

User: CJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathleen Goulet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 437213 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kylie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34996 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 11102011_143838

Files\Folders moved on Reboot...
File\Folder C:\WINNT\temp\Perflib_Perfdata_698.dat not found!
File move failed. C:\WINNT\temp\Perflib_Perfdata_7e0.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#12
bikeguy08

Run date: 2011-11-10 14:50:11
-----------------------------
14:50:11.546 OS Version: Windows 5.1.2600 Service Pack 3
14:50:11.546 Number of processors: 1 586 0x102
14:50:11.546 ComputerName: S0026081863 UserName: BILL
14:50:13.390 Initialize success
14:50:30.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:50:30.375 Disk 0 Vendor: WDC_WD400JB-00ENA0 05.03E05 Size: 38166MB BusType: 3
14:50:32.390 Disk 0 MBR read successfully
14:50:32.390 Disk 0 MBR scan
14:50:32.390 Disk 0 unknown MBR code
14:50:32.406 Disk 0 scanning sectors +78156225
14:50:32.468 Disk 0 scanning C:\WINNT\system32\drivers
14:50:38.859 Service scanning
14:50:40.296 Modules scanning
14:50:47.296 Disk 0 trace - called modules:
14:50:47.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
14:50:47.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3cab8]
14:50:47.328 3 CLASSPNP.SYS[f75bffd7] -> nt!IofCallDriver -> \Device\00000063[0x86f5df18]
14:50:47.328 5 ACPI.sys[f7526620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f7b940]
14:50:47.328 Scan finished successfully
14:51:03.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BILL\Desktop\MBR.dat"
14:51:03.328 The log file has been saved successfully to "C:\Documents and Settings\BILL\Desktop\aswMBR.txt"

#13
Essexboy

What problems are you experiencing?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#14
bikeguy08

My desktop icons are gone. When I click on the START button the menu is empty and when I click on ALL PROGRAMS it is also empty. I had Malwarebytes on my system but it's gone too.

#15
bikeguy08

Tried to install Malwarebytes and access was denied.