Caishow on my wifes computer [Closed]


  • This topic is locked

#16
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
Your post said the scan would take a while. It took about 1 second. Did I do something wrong?

OTL logfile created on: 11/27/2011 6:45:28 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.44 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 57.76% Memory free
3.69 Gb Paging File | 2.71 Gb Available in Paging File | 73.38% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.55 Gb Total Space | 63.12 Gb Free Space | 60.96% Space Free | Partition Type: NTFS
Drive D: | 8.21 Gb Total Space | 1.42 Gb Free Space | 17.30% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< C:\Program Files\CaiShow Tech\*.* /s >

< >

< End of report >
  • 0


#17
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Your post said the scan would take a while. It took about 1 second. Did I do something wrong?

No.

I did as you asked, but after saving the fix.reg to the desktop and then double clicking I get the following
( Cannot import C:\Documents and settings\Compaq_Admiinistrator\Desktop\fix.reg: The specified file is not a registry script.

Did you copy the entire script on QuoteBox?

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\AppID\Download.DLL]

# Step 1 #

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

# Step 2 #

Defragment your computer. Please, download Auslogic Disk Defrag
  • Install the software and run it.
  • Select your Local Disk (c:\) and click in Defrag.
  • Wait a few moments and when the software ends, restart your computer.

# Step 3 #

Please try again:

Open notepad by going to START > RUN and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\AppID\Download.DLL]


In Notepad click on the "File" menu > Save As... Under "File name" type fix.reg and Change "Save as type" to All Files, save it on desktop.

You will have a file like this: [image]

Double click on fix.reg > Ok.
  • 0
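A pre-import check for a hand-made .reg file such as the fix.reg in the post above, as an added example that is not part of the original thread and is not code from any tool it mentions. The function names and sample byte strings are constructed for illustration, and the strict "header must be exactly line 1" rule is a conservative assumption about what Registry Editor accepts.

```python
import codecs
import re

# Header lines Registry Editor recognises for text .reg scripts.
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
ROOTS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
KEY_LINE = re.compile(r"^\[(-?)([^\]]+)\]$")   # [KEY] writes, [-KEY] deletes


def decode_reg(raw):
    """Decode .reg bytes: UTF-16 or UTF-8 with BOM, otherwise ANSI (cp1252)."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(codecs.BOM_UTF8):
        return raw[len(codecs.BOM_UTF8):].decode("utf-8", errors="replace")
    return raw.decode("cp1252", errors="replace")


def check_reg(raw):
    """Report header problems, stray text, and which keys the script touches."""
    lines = decode_reg(raw).splitlines()
    problems, deletes, writes = [], [], []

    first = lines[0] if lines else ""
    if first not in HEADERS:
        problems.append("line 1 is %r, not a registry script header" % first)
        for n, line in enumerate(lines[1:], start=2):
            if line.strip() in HEADERS:
                problems.append("header found on line %d; it must be line 1" % n)
                break

    # Parse the body even when the header is bad, so the reviewer still sees
    # which keys would be deleted or written once the file is repaired.
    start = 1 if first in HEADERS else 0
    in_key = False      # inside a [key] section
    continued = False   # previous value line ended with a backslash
    for n, line in enumerate(lines[start:], start=start + 1):
        s = line.strip()
        if continued:
            continued = s.endswith("\\")
            continue
        if not s or s.startswith(";") or s in HEADERS:
            continue
        m = KEY_LINE.match(s)
        if m:
            minus, key = m.groups()
            if key.split("\\", 1)[0].upper() not in ROOTS:
                problems.append("line %d: unknown root key in %r" % (n, key))
            (deletes if minus else writes).append(key)
            in_key = True
        elif in_key and s[0] in '"@':
            continued = s.endswith("\\")   # value line, possibly multi-line hex
        else:
            problems.append("line %d: stray text %r" % (n, s))

    return {"ok": not problems, "problems": problems,
            "deletes": deletes, "writes": writes}


# Constructed sample inputs (not captured from the machine in the thread).
SCRIPT = ("Windows Registry Editor Version 5.00\r\n\r\n"
          "[-HKEY_CLASSES_ROOT\\AppID\\Download.DLL]\r\n")
GOOD_ANSI = SCRIPT.encode("cp1252")                        # Notepad "ANSI" save
GOOD_UTF16 = codecs.BOM_UTF16_LE + SCRIPT.encode("utf-16-le")
PARTIAL_COPY = b"[-HKEY_CLASSES_ROOT\\AppID\\Download.DLL]\r\n"  # header not copied
LEADING_BLANK = b"\r\n" + GOOD_ANSI                        # blank line pasted first

if __name__ == "__main__":
    samples = [("good (ANSI)", GOOD_ANSI), ("good (UTF-16)", GOOD_UTF16),
               ("partial copy", PARTIAL_COPY), ("leading blank", LEADING_BLANK)]
    for name, raw in samples:
        result = check_reg(raw)
        print(name, "->", "OK" if result["ok"] else "REJECT")
        for p in result["problems"]:
            print("   problem:", p)
        for k in result["deletes"]:
            print("   would delete:", k)
```

To check a real file, pass its bytes: `check_reg(open(path, "rb").read())`. Reviewing the `deletes` list before double clicking also confirms the script removes only the key the helper intended.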

#18
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
Ok, I have done what you asked and it appears that something happened when I double clicked on fix.reg. So what is the next step?
Larry
  • 0

#19
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe
  • 0

#20
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
I believe I did everything you wanted. First, everything you had me install did not uninstall with OTL; I still have aswber, mbr and a fix logo on my desktop. I know you want me to keep TFC and the Auslogics defrag; not sure about the others. I went to the Java site and checked the current version, and I had the newest one for my XP. When I tried the spring clean, my flavor of Windows is different from your instructions; there was no System Protection tab or anything else labeled as such, so I turned restore off, then rebooted the system and turned System Restore back on. That should do what you want.
I have Malwarebytes and normally use it weekly after updating it manually.
I have and use Secunia PSI in auto mode. I think it does the same thing as FileHippo update checker, so I'm not sure downloading 2 things that do the same thing is smart?
I have Norton Internet Security 2012 set to auto update; it is an antivirus and firewall.
I have tried different browsers, i.e. Chrome, Firefox, and didn't care for them, so I will be staying with Microsoft for now.
I ALREADY AM RUNNING THE LATEST Adobe Reader, sorry fat fingers.
As for the other options like drop my rights and sandbox etc., not sure I want them because of restrictions and space.
I did find last night that the wireless card downloads faster than the wired; maybe I have a bad cable.
If you think some programs are better than the ones I'm running I will take your advice. It's just I feel comfortable with what I have now. I'm an old fart and don't care for change, 59 years old lol. I don't understand all that you have had me do, but please believe me when I say it's rare someone you don't know will go to so much trouble to help you for nothing but a thanks. You are unbelievable. Thank you from the bottom of my heart.
Larry
  • 0

#21
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
It's been a few days and the problems still exist. I'm still finding Caishow with Spybot Search and Destroy, I'm still getting redirects, and not only is the machine very slow but scans take a lot longer than they used to: over 3 hours for Spybot and the same for Malwarebytes, and even longer for Norton antivirus. This may mean nothing, but Norton warns me 2 times an hour that the AMD 64 Athlon is almost maxed out! It never lasts long but spikes, and for no apparent reason. I'm beginning to think it's time for a new computer. Do you have any suggestions left to give me?

Larry
  • 0

#22
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Is Spybot still finding this same key?
[-HKEY_CLASSES_ROOT\AppID\Download.DLL]

  • 0

#23
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
Hi,
Yes, it's finding this: (SBI $8976OEE9) Application ID HKEY_CLASSES_ROOT\AppID\Download.DLL
I used Spybot to remove it last night, then this morning it was there again. It appears to show up after a reboot. I removed RealPlayer to use less resources and changed the setting on Spybot to not use resident, all in an attempt to not spike the processor. It looks like that was in vain.
  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I will be taking over now

Could you do the following for me please

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

THEN

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.
  • 0

#25
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
For some unknown reason I can't attach the jpeg screenshot. Attached file MBRCheck_12.13.11_14.54.59.txt is the MBR check report. I used screen shot and mspaint, then saved as a jpeg. When I tried to attach I get a not found, but it appeared to be clean; nothing caught my eye as wrong.
Larry
  • 0


#26
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
Here is the screenshot with mwsnap
Larry
Attached file: Noname.jpg
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye I was just looking to see if there was an extra partition of 1-2 MB or 8-10 MB

Ok seen the shot now thanks

I would like you to run a specific OTL scan for me now please

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Tick both LOP and Purity boxes
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    sendshell.*
    caishow.*
    update.*
    Download.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#28
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
here ya go

Attached Files


  • 0

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm an intriguing problem this one

If this fails to stop the alerts I have another trick up my sleeve... Apart from the spybot detections what other symptoms are you experiencing ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-4256486490-1714306237-1489007402-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-4256486490-1714306237-1489007402-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    [2010/11/13 14:04:19 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#30
ldstoodley

  • Topic Starter
  • Member
  • 22 posts
Ok, here is the quick scan.
What's been happening is redirects on some sites,
slow loading of pages,
and it acts like I run out of RAM and it's using the hard drive.
Norton says I'm almost maxing out the CPU; it showed that while using OTL.
I guess it's acting like a bad virus, but nothing is showing up except the Caishow on Spybot.
After running your fix the pages have been running normally. I will run this some tonight and see if it's ok, unless I hear back from you with another fix.
I will report to you tomorrow if I still have problems.
Larry

OTL logfile created on: 12/13/2011 4:36:13 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.44 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 77.19% Memory free
3.69 Gb Paging File | 3.21 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.55 Gb Total Space | 65.59 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive D: | 8.21 Gb Total Space | 1.42 Gb Free Space | 17.31% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/13 15:52:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 01:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/08/22 00:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/15 21:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/03/15 21:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/03/15 21:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2006/02/15 18:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 08:35:53 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_38ee21d5\mscorlib.dll
MOD - [2011/10/12 08:35:20 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_334f990b\system.drawing.dll
MOD - [2011/10/12 08:34:38 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_432de35d\system.xml.dll
MOD - [2011/10/12 08:34:33 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_472a4670\system.windows.forms.dll
MOD - [2011/10/12 08:34:05 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_315e4b48\system.dll
MOD - [2011/10/12 08:33:52 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/12 08:33:51 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/22 00:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/11/13 13:07:52 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/11/13 13:07:51 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/11/13 13:07:51 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/11/13 13:07:50 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2010/11/13 13:07:50 | 000,241,664 | ---- | M] () -- c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll
MOD - [2010/11/13 13:07:49 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/08/02 19:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/11/22 08:15:22 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111213.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/22 08:15:22 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111213.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111123.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/12 14:58:38 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/11 16:47:24 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111210.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/09 11:47:10 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 11:47:10 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/26 19:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 18:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 21:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 21:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/25 21:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/25 21:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 21:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/23 04:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2006/03/03 16:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 16:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/11/12 15:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2011/12/13 16:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/21 19:23:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/13 16:27:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\MyWeather Desktop.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2C0C981-39BB-409C-96FF-AA9E29D035E1}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE163125-499F-4D28-A392-8B6294CCB7F9}: DhcpNameServer = 192.168.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 23:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 04:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 16:27:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/13 16:14:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/12/13 15:51:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/12/13 15:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\New Folder
[2011/12/01 19:20:44 | 000,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Compaq_Administrator\Desktop\SysRestorePoint.exe
[2011/12/01 19:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/01 19:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/29 19:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Auslogics
[2011/11/29 19:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/11/29 19:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/11/29 19:40:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\TFC.exe
[2011/11/21 15:08:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/20 15:07:18 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2011/11/18 22:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/18 22:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/18 22:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/18 21:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/11/18 19:51:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/18 19:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

========== Files - Modified Within 30 Days ==========

[2011/12/13 16:34:39 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/13 16:33:53 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/13 16:33:52 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4256486490-1714306237-1489007402-1008.job
[2011/12/13 16:33:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/13 16:33:44 | 2615,726,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 16:27:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/13 16:19:18 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/12/13 16:19:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 16:15:59 | 000,209,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 16:11:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/13 16:07:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/13 15:52:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/12/13 14:54:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe
[2011/12/11 18:49:35 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/12/10 13:38:49 | 000,053,828 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20111210_133845.reg
[2011/12/10 13:37:07 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/08 22:23:43 | 000,185,856 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/02 22:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 21:35:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4256486490-1714306237-1489007402-1008.job
[2011/12/01 19:17:28 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/12/01 19:17:08 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\NTREGOPT.lnk
[2011/12/01 19:17:08 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\ERUNT.lnk
[2011/12/01 18:21:25 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111208-210758.backup
[2011/11/30 20:44:43 | 000,525,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/30 20:44:43 | 000,096,022 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/29 20:06:15 | 000,000,085 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\fix.reg
[2011/11/29 19:53:57 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Auslogics Disk Defrag.lnk
[2011/11/29 19:41:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\TFC.exe
[2011/11/25 20:54:09 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\fix.reg
[2011/11/20 17:40:55 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/11/20 15:15:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/11/20 15:07:29 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2011/11/18 22:34:48 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/18 21:33:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/11/18 19:51:52 | 000,000,325 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2011/12/13 14:54:46 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe
[2011/12/10 13:38:47 | 000,053,828 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cc_20111210_133845.reg
[2011/12/01 19:17:27 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/12/01 19:17:08 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\NTREGOPT.lnk
[2011/12/01 19:17:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\ERUNT.lnk
[2011/11/29 20:05:53 | 000,000,085 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\fix.reg
[2011/11/29 19:53:57 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Auslogics Disk Defrag.lnk
[2011/11/25 20:54:09 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\fix.reg
[2011/11/24 20:31:52 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/20 17:40:55 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/11/20 17:40:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/11/20 15:15:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/11/18 22:34:48 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/14 18:10:26 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4256486490-1714306237-1489007402-1008.job
[2011/02/04 14:35:21 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2010/11/18 09:41:55 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 14:31:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/11/13 14:08:30 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/11/13 14:04:26 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010/11/13 14:04:26 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/11/13 14:04:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2010/11/13 14:00:35 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/11/13 13:59:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/13 13:44:58 | 000,004,494 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/11/13 13:43:12 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2010/11/13 13:43:12 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2010/11/13 13:36:57 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2010/11/13 13:35:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/11/13 13:31:21 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/11/13 13:31:21 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/11/13 13:31:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/11/13 13:31:21 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/11/13 13:31:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/11/13 13:31:20 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/11/13 13:31:20 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/11/13 13:31:20 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/11/13 13:31:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/11/13 13:31:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/11/13 13:31:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/11/13 13:29:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2010/11/13 13:05:20 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/11/13 11:41:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/11/13 11:41:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/11/13 11:41:55 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/11/13 11:41:50 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/11/13 11:41:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/11/13 11:41:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/11/13 11:41:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/11/13 11:40:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/11/13 11:40:19 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/05/19 02:21:43 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/19 02:21:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/19 02:21:24 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 19:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 23:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 23:07:46 | 000,525,284 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 23:07:46 | 000,096,022 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 23:05:30 | 000,209,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 23:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 22:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/26 09:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2010/11/17 13:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/10/14 14:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com
[2010/11/13 13:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/04/10 13:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileServe Limited
[2011/09/02 08:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/28 22:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/29 19:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Auslogics
[2011/05/13 18:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\com.myweather.desk.topapp
[2011/04/10 14:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FileServe Toolbar
[2011/02/04 14:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
[2010/11/17 14:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\VOWSoft
[2010/11/17 17:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
[2011/03/17 12:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Search

========== Purity Check ==========



< End of report >
