Google redirect infection. TDSSKiller does not start



#1 SFAdad (Member, 47 posts)
Recently used Malwarebytes to remove a "System Fix" infection. Now when I use Chrome or IE to do a search I am redirected when I click on one of the results. Malwarebytes and Security Essentials are not finding anything.
Followed the directions in "How to fix Google Redirects" but when I try to run TDSSKiller it does not start.
Another problem I am noticing is that when I delete files from my Temporary Internet Files directory they reappear after a few minutes.
Ran VIPRE but it did not find anything.

Here is my OTL log.

OTL logfile created on: 11/27/2011 8:07:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 49.32 Mb Available Physical Memory | 9.65% Memory free
1.94 Gb Paging File | 1.25 Gb Available in Paging File | 64.54% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 26.57 Gb Free Space | 47.55% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\My Documents\Downloads\OTL.exe
PRC - [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 23:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/14 23:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/14 23:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/14 23:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/14 23:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/14 20:36:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2007/02/26 22:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/21 17:14:15 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/21 17:11:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/21 17:08:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/11/07 04:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/06/01 15:10:22 | 000,128,120 | ---- | M] (Bayer Healthcare LLC) [Disabled | Stopped] -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe -- (BayerHealthcareService)
SRV - [2010/08/23 19:21:40 | 000,007,692 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/25 03:41:53 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 03:41:37 | 000,529,208 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/07/16 11:10:54 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/28 10:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/06/24 22:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/11/26 18:01:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/01/03 03:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/27 19:35:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([turbotaxweb.turbotaxonline] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://svwmi.worldm...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BB0582-5BA9-457E-91B0-E2284D6D28AB}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 20:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/27 19:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\New Folder
[2011/11/27 19:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\GooredFix Backups
[2011/11/27 19:43:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Michael\Desktop\GooredFix.exe
[2011/11/27 19:35:00 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/27 16:36:35 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/27 16:36:35 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/11/27 16:35:19 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/11/27 16:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 16:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/27 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/27 16:28:54 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 16:13:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/11/27 15:16:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/26 19:26:13 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 18:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/26 18:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/26 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/26 18:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/26 17:56:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr
[2011/11/26 17:03:44 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/26 16:31:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/26 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/26 16:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Secunia PSI
[2011/11/26 16:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/25 20:20:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/25 20:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\System Fix
[2009/12/22 21:20:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/22 21:20:06 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/05/25 03:41:40 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/05/25 03:41:37 | 000,529,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/05/17 08:19:57 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/05/17 08:17:22 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/05/17 08:11:47 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/05/17 08:10:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/05/17 08:08:43 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/05/17 08:07:51 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/05/17 08:07:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/05/17 08:06:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/05/17 07:59:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/05/17 07:58:46 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/05/17 07:53:19 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/27 19:43:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Michael\Desktop\GooredFix.exe
[2011/11/27 19:37:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/27 19:35:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/27 19:30:02 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2011/11/27 16:32:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/27 16:29:02 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 13:01:15 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2011/11/27 11:30:03 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2011/11/27 03:59:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/26 22:06:34 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
[2011/11/26 19:45:17 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 18:36:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/26 18:16:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/26 17:57:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 17:56:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 10:47:01 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/11/25 19:28:14 | 000,639,914 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/25 19:28:14 | 000,151,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/27 16:32:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/26 19:45:17 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 17:57:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 16:34:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/26 16:08:49 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/11/26 14:46:49 | 000,002,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Project Studio.lnk
[2011/11/26 14:46:49 | 000,002,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Album.lnk
[2011/11/26 14:46:49 | 000,002,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Image Editor.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2011/11/26 14:46:49 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OneTouch Software.lnk
[2011/11/26 14:46:49 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/11/26 14:46:49 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinFF.lnk
[2011/11/26 14:46:48 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MemoriesOnTV.lnk
[2011/11/26 14:46:48 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GLUCOFACTS® Deluxe v2.11.lnk
[2011/11/26 14:46:48 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoVIP.lnk
[2011/11/26 14:46:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 14:46:44 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/26 14:46:44 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/26 14:46:44 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\GSAK.lnk
[2011/11/26 14:46:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/26 14:46:28 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/11/26 14:46:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/26 14:46:28 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/11/26 14:46:28 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/26 14:46:27 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyGPS.lnk
[2011/11/26 10:47:02 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/10/15 19:57:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/06 22:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2011/08/23 19:15:11 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2011/08/23 19:15:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2011/08/23 19:14:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2011/08/23 19:14:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2011/08/23 19:14:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2011/08/23 19:14:43 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2011/08/23 19:14:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2011/08/23 19:14:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2011/05/15 12:15:37 | 004,360,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/13 19:51:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fxaheba.bin
[2011/04/23 09:36:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2011/04/23 09:36:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2011/04/23 09:36:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2011/04/23 09:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2011/03/07 21:10:49 | 000,006,958 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\934284662
[2011/03/07 21:10:49 | 000,006,958 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\934284662
[2010/09/25 21:08:18 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\hgksfg.bat
[2010/06/20 18:55:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\sversion.ini
[2010/06/20 18:49:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2010/06/02 18:27:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/02 18:26:11 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\default.rss
[2010/06/02 18:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\downloads.m3u
[2010/05/30 18:49:19 | 000,063,828 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/06 22:21:54 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/02/17 23:00:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\osinfo.dll
[2009/12/22 21:20:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/22 21:20:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/22 21:17:14 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/10/04 10:00:25 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 22:50:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/03 22:20:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/27 20:10:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/27 20:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 20:02:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 12:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/27 12:55:24 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/05/23 22:04:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 12:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 10:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 11:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/05/17 20:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,639,914 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,151,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/10/14 20:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayerLogs
[2010/04/24 10:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/19 22:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/08/03 06:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/04/24 10:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/24 12:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/05/30 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/25 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\EurekaLog
[2011/09/19 22:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2010/08/13 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GianPaoloSaliola
[2010/03/09 20:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gsak
[2011/10/06 22:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HealthEngage
[2011/08/03 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Juniper Networks
[2011/04/23 09:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2010/05/09 19:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nova Development
[2011/04/01 21:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2011/06/04 20:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PCHC
[2010/10/30 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinFF
[2011/11/27 03:59:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/26 22:06:34 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job

========== Purity Check ==========



< End of report >


#2
Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Hello, SFAdad!

Welcome! I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training, and my posts have to be approved by an expert, so please expect a delay between my posts.

These instructions are specifically designed for SFAdad only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research, and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.

#3
SFAdad (Topic Starter, Member, 47 posts)
Thanks for taking my case.
I just checked my temporary internet files and there are some files there from the middle of the day when I was at work. Is there anything I can do to stop IE from accessing the internet by itself while we are working through the issues?

#4
Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Hi. :)


Step 1

You are running too many antivirus programs. This is not a good idea, as it can cause problems such as slowness, conflicts, and greater vulnerability to infection.

Uninstall Microsoft Security Essentials or Vipre via:
  • Control Panel
  • Add/Remove Programs

Step 2

Do the redirects still occur after running the below OTL fix?

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    File not found -- C:\WINDOWS\System32\
    [2011/11/25 20:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\System Fix
    [2011/05/13 19:51:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fxaheba.bin
    [2011/03/07 21:10:49 | 000,006,958 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\934284662
    [2011/03/07 21:10:49 | 000,006,958 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\934284662
    [2010/09/25 21:08:18 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\hgksfg.bat 
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


Step 4

Please download GetPartitions from the link below. You must right-click on the link and choose Save as... and save it as GetPartitions.bat on your desktop.

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will produce a log located at C:\DiskReport.txt. Please post the contents of that log in your next reply.


Things I want to see in your next reply

  • Answer to my question
  • OTL Fix Log
  • OTL.txt
  • aswMBR.txt
  • DiskReport.txt

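The fix script in Step 2 targets the entries that actually produce a search redirect on a machine like this one: HOSTS overrides (hence [resethosts]), a resolver or proxy that is not the router, anything appended to the Winlogon Shell/UserInit values, drivers that are Running with no file behind them, orphaned toolbar CLSIDs, and the exefile "open" association. The following is an added example, not OTL's code or the helper's: a small Python triage that applies those checks to OTL-format lines. SAMPLE_PAGE is copied from the scan log in this thread; SAMPLE_HIJACKED is constructed to show what the same entries look like when hijacked (203.0.113.0/24 is a documentation address range and the paths in it are made up). The rule set, the stock Winlogon values, and the allowance for MSE's MpKsl* phantom drivers are this example's own assumptions.

```python
"""Triage an OTL log for the entries behind a search-redirect complaint.

Added example, not OTL's or the helper's code. SAMPLE_PAGE is copied from
the scan log in this thread; SAMPLE_HIJACKED is CONSTRUCTED (203.0.113.0/24
is a documentation address range, the paths are made up). The rule set is
this example's own assumption about what deserves a second look.
"""
import re

LOOPBACK = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Stock Winlogon values on a default XP install (assumed; a system drive
# other than C: would need adjusting).
WINLOGON_OK = {"shell": {"explorer.exe"},
               "userinit": {r"c:\windows\system32\userinit.exe"}}
# MSE loads short-lived MpKsl*.sys drivers from its definition folder, so a
# "File not found" entry for one is a stale leftover rather than a hidden image.
BENIGN_PHANTOM = ("MpKsl",)


def is_private_v4(ip):
    """RFC 1918 check: a home PC's resolver should be the router, not the internet."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return False
    a, b = int(parts[0]), int(parts[1])
    return a == 10 or (a == 192 and b == 168) or (a == 172 and 16 <= b <= 31)


def triage_otl(text):
    """Return [(rule, line), ...] for every OTL line that trips a rule."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        # O1: only the two loopback entries belong in a freshly reset HOSTS file
        m = re.match(r"^O1 - Hosts:\s+(\S+)\s+(\S+)", line)
        if m:
            if (m.group(1), m.group(2).lower()) not in LOOPBACK:
                findings.append(("hosts-override", line))
            continue
        # A proxy switched on behind the user's back routes every request elsewhere
        if '"ProxyEnable" = 1' in line:
            findings.append(("proxy-enabled", line))
            continue
        # O17: resolver handed out by DHCP, or set statically for the adapter
        m = re.match(r"^O17 - .*\b(DhcpNameServer|NameServer) = (.+)$", line)
        if m:
            servers = re.split(r"[,\s]+", m.group(2).strip())
            if not all(is_private_v4(s) for s in servers):
                findings.append(("dns-public", line))
            elif m.group(1) == "NameServer":
                findings.append(("dns-static", line))
            continue
        # O20: anything appended to Shell or UserInit runs at every logon
        m = re.match(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) -", line)
        if m:
            value = m.group(2).rstrip(",").lower()
            if value not in WINLOGON_OK[m.group(1).lower()]:
                findings.append(("winlogon-hijack", line))
            continue
        # A service/driver that is Running but whose image cannot be found is
        # either stale or hidden from the file system by a rootkit
        m = re.match(r"^(?:DRV|SRV) - File not found \[.*\bRunning\] -- -- \((.+)\)$", line)
        if m:
            rule = "phantom-driver-benign" if m.group(1).startswith(BENIGN_PHANTOM) else "phantom-driver"
            findings.append((rule, line))
            continue
        # O3: a toolbar registered under a CLSID that no longer resolves
        if line.startswith("O3 - ") and "No CLSID value found" in line:
            findings.append(("orphan-toolbar", line))
            continue
        # O35/O37: the exe/com "open" command must be the bare "%1" %*
        if line.startswith(("O35 - ", "O37 - ")) and not line.endswith('-- "%1" %*'):
            findings.append(("shell-open-hijack", line))
    return findings


# Copied from the OTL scan log in this thread
SAMPLE_PAGE = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
DRV - File not found [Kernel | System | Running] -- -- (MpKsl7708980f)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O35 - HKLM\..exefile [open] -- "%1" %*
"""

# CONSTRUCTED: the same entries as they look when hijacked
SAMPLE_HIJACKED = r"""
O1 - Hosts: 203.0.113.5 www.google.com
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.0.113.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.53
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Temp\sample.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
DRV - File not found [Kernel | System | Running] -- -- (sample)
O35 - HKLM\..exefile [open] -- "C:\WINDOWS\Temp\sample.exe" "%1" %*
"""

if __name__ == "__main__":
    for rule, line in triage_otl(SAMPLE_PAGE) + triage_otl(SAMPLE_HIJACKED):
        print(f"{rule:22} {line[:80]}")
```

On the log in this thread the only hits are the stale MpKsl driver entry and the orphaned toolbar CLSIDs the fix removed, which is consistent with a redirect that survives a HOSTS reset and DNS flush: the cause then sits below the registry and file system, which is what the MBR steps that follow are for.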

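Steps 3 and 4 above go after the boot sector and the partition layout, which is where a redirect that survives the registry and file cleanup above can live. As an added example (not aswMBR's or GetPartitions' code), here is the parsing such a check starts from: split a 512-byte MBR into boot code, disk signature, partition table and the 55 AA signature, then report what a scanner would: a bad signature, more than one active partition, entries that run past the end of the disk or overlap each other, a run of sectors beyond the last partition, and boot code that differs from a copy you trust. The sector, the disk size and the "trusted copy" below are constructed; the 1 MiB tail threshold is this example's own choice.

```python
"""Parse a 512-byte MBR the way an MBR-rootkit scanner starts out.

Added example, not aswMBR's or GetPartitions' code. The sector, disk size
and "trusted copy" below are CONSTRUCTED; the 1 MiB tail threshold is this
example's own choice.
"""
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # four 16-byte partition entries, then 55 AA at 510
BOOT_CODE_LEN = 440     # bytes 0..439; the 4-byte disk signature sits at 440
TAIL_THRESHOLD = 2048   # sectors (1 MiB) past the last partition worth a look


def parse_mbr(sector):
    """Split one sector into boot code, disk signature, partitions and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    entries = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN],
            "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
            "partitions": [e for e in entries if e["type"] != 0],
            "signature_ok": sector[510:512] == b"\x55\xaa"}


def first_patched_offset(sector, reference):
    """Offset of the first boot-code byte that differs from a trusted copy, or None."""
    for i, (x, y) in enumerate(zip(sector[:BOOT_CODE_LEN], reference[:BOOT_CODE_LEN])):
        if x != y:
            return i
    return None


def check_mbr(sector, disk_sectors, reference=None):
    """Return [(rule, detail), ...] in the order a scanner would report them."""
    mbr = parse_mbr(sector)
    parts = mbr["partitions"]
    findings = []
    if not mbr["signature_ok"]:
        findings.append(("bad-signature", sector[510:512].hex()))
    active = [p["index"] for p in parts if p["bootable"]]
    if len(active) > 1:
        findings.append(("multiple-active", active))
    for p in parts:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(("past-end-of-disk", p["index"]))
    for a in parts:
        for b in parts:
            if (a["index"] < b["index"]
                    and a["lba_start"] < b["lba_start"] + b["sectors"]
                    and b["lba_start"] < a["lba_start"] + a["sectors"]):
                findings.append(("overlap", (a["index"], b["index"])))
    if parts:
        # Space after the last partition is where a hidden store can live
        tail = disk_sectors - max(p["lba_start"] + p["sectors"] for p in parts)
        if tail >= TAIL_THRESHOLD:
            findings.append(("unpartitioned-tail", tail))
    if reference is not None:
        off = first_patched_offset(sector, reference)
        if off is not None:
            findings.append(("boot-code-changed", off))
    return findings


def build_mbr(entries, boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c", disk_sig=0x1A2B3C4D):
    """Assemble a CONSTRUCTED sector: stub boot code, signature, entries, 55 AA."""
    table = b"".join(struct.pack("<B3sB3sII", st, b"\xfe\xff\xff", ty, b"\xfe\xff\xff", lba, n)
                     for st, ty, lba, n in entries).ljust(64, b"\x00")
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xaa")


DISK_SECTORS = 117_157_000                              # roughly a 55.9 GB disk
CLEAN_MBR = build_mbr([(0x80, 0x07, 63, 117_145_000)])  # one active NTFS partition
# Same table, six loader bytes overwritten at offset 0x100 (a stand-in for a patch)
PATCHED_MBR = CLEAN_MBR[:0x100] + b"\xe9\x00\x01\x90\x90\x90" + CLEAN_MBR[0x106:]

if __name__ == "__main__":
    print("clean:  ", check_mbr(CLEAN_MBR, DISK_SECTORS, reference=CLEAN_MBR))
    print("patched:", check_mbr(PATCHED_MBR, DISK_SECTORS, reference=CLEAN_MBR))
```

On a live Windows machine the sector comes from opening \\.\PhysicalDrive0 read-only with administrator rights. An active MBR rootkit can intercept that read and hand back a clean-looking sector, which is the reason a dedicated scanner, or a boot from clean media, is used instead of a plain dump, and also a plausible reason for tools like TDSSKiller and aswMBR refusing to start at all. A tail of a few thousand sectors is normal on many vendor-partitioned disks, so treat that finding as a place to look rather than a verdict.
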
#5
SFAdad (Topic Starter, Member, 47 posts)
Redirects are still occurring.

I am posting both of the OTL logs created, but aswMBR.exe would not open. I even tried renaming it. Since it would not run, I was not sure if I should still run the getpartitions.bat.


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Documents and Settings\Michael\Start Menu\Programs\System Fix folder moved successfully.
C:\WINDOWS\Fxaheba.bin moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\934284662 moved successfully.
C:\Documents and Settings\All Users\Application Data\934284662 moved successfully.
C:\Documents and Settings\Michael\Application Data\hgksfg.bat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael
->Temp folder emptied: 180305 bytes
->Temporary Internet Files folder emptied: 24082953 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 43802438 bytes
->Flash cache emptied: 857 bytes

User: NetworkService
->Temp folder emptied: 82184 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34086 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2370610 bytes

Total Files Cleaned = 67.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 11302011_205543

Files\Folders moved on Reboot...
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\N3VGZB1W\enhanced_notice[1].htm moved successfully.

Registry entries deleted on Reboot...



OTL logfile created on: 11/30/2011 9:30:01 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 24.84 Mb Available Physical Memory | 4.86% Memory free
1.94 Gb Paging File | 1.20 Gb Available in Paging File | 62.04% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 26.46 Gb Free Space | 47.36% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2011/11/14 23:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 23:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/14 23:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/14 23:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/14 23:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/14 23:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/14 20:36:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2007/02/26 22:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/21 17:14:15 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/21 17:11:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/21 17:08:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/11/07 04:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/06/01 15:10:22 | 000,128,120 | ---- | M] (Bayer Healthcare LLC) [Disabled | Stopped] -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe -- (BayerHealthcareService)
SRV - [2010/08/23 19:21:40 | 000,007,692 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/25 03:41:53 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 03:41:37 | 000,529,208 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl7708980f)
DRV - [2011/11/30 21:00:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{487BE1BE-84DC-46C7-A7F3-7BE1EB388583}\MpKsl81d87c81.sys -- (MpKsl81d87c81)
DRV - [2011/11/30 20:55:27 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{487BE1BE-84DC-46C7-A7F3-7BE1EB388583}\MpKsl750183a0.sys -- (MpKsl750183a0)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/07/16 11:10:54 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/28 10:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/06/24 22:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/11/26 18:01:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/01/03 03:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/30 20:56:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..Trusted Domains: intuit.com ([turbotaxweb.turbotaxonline] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://svwmi.worldm...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BB0582-5BA9-457E-91B0-E2284D6D28AB}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 20:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/30 21:19:29 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Michael\Desktop\ie.exe
[2011/11/30 20:55:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 20:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/11/27 22:31:00 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/27 20:05:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 19:35:00 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/27 16:36:35 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/27 16:36:35 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/11/27 16:35:19 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/11/27 16:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 16:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/27 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/27 16:28:54 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 16:13:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/11/27 15:16:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/26 19:26:13 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 18:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/26 18:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/26 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/26 18:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/26 17:03:44 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/26 16:31:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/26 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/26 16:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Secunia PSI
[2011/11/26 16:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/25 20:20:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/22 21:20:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/22 21:20:06 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/05/25 03:41:40 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/05/25 03:41:37 | 000,529,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/05/17 08:19:57 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/05/17 08:17:22 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/05/17 08:11:47 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/05/17 08:10:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/05/17 08:08:43 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/05/17 08:07:51 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/05/17 08:07:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/05/17 08:06:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/05/17 07:59:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/05/17 07:58:46 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/05/17 07:53:19 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/30 21:30:17 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2011/11/30 21:21:44 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\getpartitions.bat
[2011/11/30 21:20:03 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Michael\Desktop\ie.exe
[2011/11/30 21:06:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/30 21:00:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/30 20:56:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/30 16:33:25 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
[2011/11/30 11:30:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2011/11/28 18:44:06 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/27 22:31:01 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 16:32:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/27 16:29:02 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 13:01:15 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2011/11/26 19:45:17 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 18:36:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/26 18:16:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/26 17:57:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 10:47:01 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/11/25 19:28:14 | 000,639,914 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/25 19:28:14 | 000,151,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/30 21:21:58 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\getpartitions.bat
[2011/11/28 18:44:06 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/27 16:32:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/26 19:45:17 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 17:57:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 16:34:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/26 16:08:49 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/11/26 14:46:49 | 000,002,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Project Studio.lnk
[2011/11/26 14:46:49 | 000,002,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Album.lnk
[2011/11/26 14:46:49 | 000,002,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Image Editor.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2011/11/26 14:46:49 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OneTouch Software.lnk
[2011/11/26 14:46:49 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/11/26 14:46:49 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinFF.lnk
[2011/11/26 14:46:48 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MemoriesOnTV.lnk
[2011/11/26 14:46:48 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GLUCOFACTS® Deluxe v2.11.lnk
[2011/11/26 14:46:48 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoVIP.lnk
[2011/11/26 14:46:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 14:46:44 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/26 14:46:44 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\GSAK.lnk
[2011/11/26 14:46:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/26 14:46:28 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/11/26 14:46:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/26 14:46:28 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/11/26 14:46:28 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/26 14:46:27 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyGPS.lnk
[2011/11/26 10:47:02 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/10/15 19:57:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/06 22:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2011/08/23 19:15:11 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2011/08/23 19:15:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2011/08/23 19:14:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2011/08/23 19:14:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2011/08/23 19:14:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2011/08/23 19:14:43 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2011/08/23 19:14:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2011/08/23 19:14:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2011/05/15 12:15:37 | 004,360,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/23 09:36:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2011/04/23 09:36:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2011/04/23 09:36:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2011/04/23 09:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/06/20 18:55:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\sversion.ini
[2010/06/20 18:49:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2010/06/02 18:27:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/02 18:26:11 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\default.rss
[2010/06/02 18:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\downloads.m3u
[2010/05/30 18:49:19 | 000,063,828 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/06 22:21:54 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/02/17 23:00:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\osinfo.dll
[2009/12/22 21:20:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/22 21:20:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/22 21:17:14 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/10/04 10:00:25 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 22:50:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/03 22:20:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/27 20:10:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/27 20:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 20:02:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 12:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/27 12:55:24 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/05/23 22:04:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 12:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 10:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 11:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/05/17 20:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,639,914 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,151,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/10/14 20:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayerLogs
[2010/04/24 10:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/19 22:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/08/03 06:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/04/24 10:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/24 12:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/05/30 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/25 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\EurekaLog
[2011/09/19 22:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2010/08/13 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GianPaoloSaliola
[2010/03/09 20:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gsak
[2011/10/06 22:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HealthEngage
[2011/08/03 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Juniper Networks
[2011/04/23 09:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2010/05/09 19:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nova Development
[2011/04/01 21:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2011/06/04 20:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PCHC
[2010/10/30 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinFF
[2011/11/30 21:06:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/30 16:33:25 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job

========== Purity Check ==========



< End of report >

#6
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Yes, please continue and run GetPartitions.bat.

#7
SFAdad

SFAdad

    Member

  • Topic Starter
  • Member
  • 47 posts
Here is the get partition report.




Microsoft DiskPart version 5.1.3565

Copyright © 1999-2003 Microsoft Corporation.
On computer: MICHAEL-02YGOYZ

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
Volume 0     D                       DVD-ROM        0 B
Volume 1     E                       DVD-ROM        0 B
Volume 2     C                NTFS   Partition     56 GB  Healthy  Boot

#8
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    File not found -- C:\WINDOWS\System32\ 
    
    :Files
    C:\WINDOWS\System32\
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan.

Posted Image

Allow AVP to delete all infections found.
Once it has finished select report tab (last tab).
Select Detected threats report from the left and press Save button.
Save it to your desktop and attach to your next post.


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information.

Posted Image


On completion click the link to locate the zip file to upload and attach to your next post.

Posted Image


Step 3

Hi. :)

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Step 4

Do the following:
Start -> Run.
Type diskmgmt.msc .
Click "OK".

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen shot of the Disk Management Window and attach the screen shot to your reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • AVPTool Report
  • avptool_sysinfo.zip
  • MBRCheck Log
  • A screenshot of the Disk Management Window

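Reading the OTL listings above by hand means scanning for recently created files under System32 that carry no company name, which is what the "No Company Name" sections surface. As an added example, not code from this thread or from OTL itself, here is a small Python triage parser for that entry format; the function names, the 30-day default window and the assembled sample (which reuses entry lines from the logs in this thread) are this example's own choices.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL file-list entry looks like:
#   [2011/10/06 22:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
# fields: timestamp | size (with thousands separators) | attribute flags (R/H/S/D)
# | M (listed by modified time) or C (listed by created time), then the company
# name from the file's version info in parentheses (empty or absent when none),
# then "--" and the path. PRC/SRV/DRV records carry extra fields and are skipped.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
OTL_TIME_FMT = "%Y/%m/%d %H:%M:%S"


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str        # "M" or "C"
    company: str     # "" when OTL found no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; return None for lines in another shape
    (section headers, 'File not found -- ...', PRC/SRV/DRV records)."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), OTL_TIME_FMT),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def flag_unsigned_system_files(log_text: str,
                               now: str = "2011/11/30 00:00:00",
                               max_age_days: int = 30) -> List[OtlEntry]:
    """Return file (not folder) entries under C:\\WINDOWS\\System32 that carry
    no company name and whose listed timestamp falls within max_age_days of
    `now`. This is a triage heuristic, not a verdict: legitimate files such as
    the 2001-dated XP data files in the thread show no company name either,
    which is exactly why the age window matters."""
    cutoff = datetime.strptime(now, OTL_TIME_FMT) - timedelta(days=max_age_days)
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        if (e.path.lower().startswith("c:\\windows\\system32\\")
                and e.company == ""
                and e.timestamp >= cutoff):
            flagged.append(e)
    return flagged


# Sample assembled for this example from entry lines in the thread's logs.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
File not found -- C:\WINDOWS\System32\
[2011/11/27 16:36:35 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/06 22:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/10/14 20:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayerLogs
[2011/11/26 17:57:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
"""

if __name__ == "__main__":
    # A 60-day window catches jspWin.dll; the 30-day default does not.
    for hit in flag_unsigned_system_files(SAMPLE_LOG, max_age_days=60):
        print(f"{hit.timestamp:%Y-%m-%d} {hit.size:>8} bytes  {hit.path}")
```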

#9
SFAdad

SFAdad

    Member

  • Topic Starter
  • Member
  • 47 posts
Here are the requested reports and logs.
3 logs copied and pasted.
3 files attached:
  • DetectedThreats.txt (914 bytes, 108 downloads)
  • avptool_sysinfo.zip (20.15 KB, 87 downloads)
  • diskManagement.zip (27.59 KB, 113 downloads)


All processes killed
========== OTL ==========
========== FILES ==========
Item C:\WINDOWS\system32 is whitelisted and cannot be moved.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael
->Temp folder emptied: 21 bytes
->Temporary Internet Files folder emptied: 5279305 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 13820923 bytes
->Flash cache emptied: 470 bytes

User: NetworkService
->Temp folder emptied: 73948 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1390427 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1991908 bytes

Total Files Cleaned = 22.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12022011_211949

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 12/2/2011 9:22:55 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 59.43 Mb Available Physical Memory | 11.63% Memory free
1.94 Gb Paging File | 1.52 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 26.36 Gb Free Space | 47.18% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2007/02/26 22:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/21 17:14:15 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/21 17:11:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/21 17:08:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/11/07 04:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/06/01 15:10:22 | 000,128,120 | ---- | M] (Bayer Healthcare LLC) [Disabled | Stopped] -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe -- (BayerHealthcareService)
SRV - [2010/08/23 19:21:40 | 000,007,692 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/25 03:41:53 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 03:41:37 | 000,529,208 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 21:22:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{170DBC65-AE40-47E0-A1BD-E5B09B19B45A}\MpKsl6bf45333.sys -- (MpKsl6bf45333)
DRV - [2011/12/01 21:09:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{170DBC65-AE40-47E0-A1BD-E5B09B19B45A}\MpKsl2cb05f1b.sys -- (MpKsl2cb05f1b)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/07/16 11:10:54 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/28 10:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/06/24 22:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/11/26 18:01:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/01/03 03:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/02 21:19:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..Trusted Domains: intuit.com ([turbotaxweb.turbotaxonline] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://svwmi.worldm...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BB0582-5BA9-457E-91B0-E2284D6D28AB}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 20:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/30 20:55:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 20:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/11/27 20:05:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 19:35:00 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/27 16:36:35 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/27 16:36:35 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/11/27 16:35:19 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/11/27 16:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 16:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/27 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/27 16:28:54 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 16:13:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/11/27 15:16:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/26 19:26:13 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 18:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/26 18:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/26 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/26 18:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/26 17:03:44 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/26 16:31:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/26 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/26 16:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Secunia PSI
[2011/11/26 16:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/25 20:20:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/22 21:20:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/22 21:20:06 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/05/25 03:41:40 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/05/25 03:41:37 | 000,529,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/05/17 08:19:57 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/05/17 08:17:22 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/05/17 08:11:47 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/05/17 08:10:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/05/17 08:08:43 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/05/17 08:07:51 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/05/17 08:07:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/05/17 08:06:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/05/17 07:59:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/05/17 07:58:46 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/05/17 07:53:19 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/02 21:31:44 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
[2011/12/02 21:30:25 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2011/12/02 21:27:12 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/02 21:21:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/02 21:19:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/02 21:17:40 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\MBRCheck.exe
[2011/12/02 21:17:22 | 104,456,648 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\setup_11.0.0.1245.x01_2011_12_03_06_18 (1).exe
[2011/12/02 11:30:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2011/11/28 18:44:06 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 16:32:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/27 16:29:02 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 13:01:15 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2011/11/26 19:45:17 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 18:36:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/26 18:16:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/26 17:57:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 10:47:01 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/11/25 19:28:14 | 000,639,914 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/25 19:28:14 | 000,151,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/02 21:17:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\MBRCheck.exe
[2011/12/02 21:11:39 | 104,456,648 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\setup_11.0.0.1245.x01_2011_12_03_06_18 (1).exe
[2011/11/28 18:44:06 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/27 16:32:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/26 19:45:17 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 17:57:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 16:34:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/26 16:08:49 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/11/26 14:46:49 | 000,002,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Project Studio.lnk
[2011/11/26 14:46:49 | 000,002,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Album.lnk
[2011/11/26 14:46:49 | 000,002,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Image Editor.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2011/11/26 14:46:49 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OneTouch Software.lnk
[2011/11/26 14:46:49 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/11/26 14:46:49 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinFF.lnk
[2011/11/26 14:46:48 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MemoriesOnTV.lnk
[2011/11/26 14:46:48 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GLUCOFACTS® Deluxe v2.11.lnk
[2011/11/26 14:46:48 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoVIP.lnk
[2011/11/26 14:46:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 14:46:44 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/26 14:46:44 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\GSAK.lnk
[2011/11/26 14:46:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/26 14:46:28 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/11/26 14:46:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/26 14:46:28 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/11/26 14:46:28 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/26 14:46:27 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyGPS.lnk
[2011/11/26 10:47:02 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/10/15 19:57:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/06 22:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2011/08/23 19:15:11 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2011/08/23 19:15:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2011/08/23 19:14:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2011/08/23 19:14:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2011/08/23 19:14:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2011/08/23 19:14:43 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2011/08/23 19:14:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2011/08/23 19:14:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2011/05/15 12:15:37 | 004,360,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/23 09:36:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2011/04/23 09:36:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2011/04/23 09:36:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2011/04/23 09:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/06/20 18:55:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\sversion.ini
[2010/06/20 18:49:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2010/06/02 18:27:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/02 18:26:11 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\default.rss
[2010/06/02 18:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\downloads.m3u
[2010/05/30 18:49:19 | 000,063,828 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/06 22:21:54 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/02/17 23:00:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\osinfo.dll
[2009/12/22 21:20:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/22 21:20:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/22 21:17:14 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/10/04 10:00:25 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 22:50:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/03 22:20:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/27 20:10:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/27 20:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 20:02:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 12:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/27 12:55:24 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/05/23 22:04:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 12:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 10:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 11:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/05/17 20:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,639,914 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,151,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/10/14 20:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayerLogs
[2010/04/24 10:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/19 22:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/08/03 06:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/04/24 10:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/24 12:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/05/30 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/25 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\EurekaLog
[2011/09/19 22:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2010/08/13 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GianPaoloSaliola
[2010/03/09 20:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gsak
[2011/10/06 22:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HealthEngage
[2011/08/03 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Juniper Networks
[2011/04/23 09:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2010/05/09 19:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nova Development
[2011/04/01 21:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2011/06/04 20:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PCHC
[2010/10/30 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinFF
[2011/12/02 21:27:12 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/02 21:31:44 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job

========== Purity Check ==========



< End of report >


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8A36000 \WINDOWS\system32\KDCOM.DLL
0xF8946000 \WINDOWS\system32\BOOTVID.dll
0xF84E7000 ACPI.sys
0xF8A38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF84D6000 pci.sys
0xF8536000 isapnp.sys
0xF8AFE000 pciide.sys
0xF87B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8546000 MountMgr.sys
0xF84B7000 FTDISK.SYS
0xF8A3A000 dmload.sys
0xF8491000 dmio.sys
0xF87BE000 PartMgr.sys
0xF8556000 VolSnap.sys
0xF8479000 atapi.sys
0xF8566000 disk.sys
0xF8576000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF8459000 fltmgr.sys
0xF8447000 sr.sys
0xF8430000 KSecDD.sys
0xF83A3000 Ntfs.sys
0xF8376000 NDIS.sys
0xF835C000 Mup.sys
0xF8586000 agp440.sys
0xF8736000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7B68000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF7B54000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8836000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7B30000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF883E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7B0D000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF8846000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8746000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF884E000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8856000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8756000 \SystemRoot\System32\DRIVERS\serial.sys
0xF8A02000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7AF9000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8766000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A06000 \SystemRoot\system32\drivers\pfc.sys
0xF8776000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8786000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7AD6000 \SystemRoot\System32\DRIVERS\ks.sys
0xF885E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7A61000 \SystemRoot\system32\drivers\smwdm.sys
0xF8B5E000 \SystemRoot\system32\drivers\SENSUPGD.SYS
0xF7A3D000 \SystemRoot\system32\drivers\portcls.sys
0xF8796000 \SystemRoot\system32\drivers\drmk.sys
0xF8A5A000 \SystemRoot\system32\drivers\aeaudio.sys
0xF8B5F000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF87A6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8A0E000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7A26000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF85A6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF85B6000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8866000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7A15000 \SystemRoot\System32\DRIVERS\psched.sys
0xF85C6000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF886E000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8876000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF79E5000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF85D6000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8A5C000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7987000 \SystemRoot\System32\DRIVERS\update.sys
0xF8A2A000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF85E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF85F6000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8A64000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF888E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF6719000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF8A70000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B3F000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A72000 \SystemRoot\System32\Drivers\Beep.SYS
0xF66DA000 \??\C:\WINDOWS\system32\drivers\SBREdrv.sys
0xF88AE000 \SystemRoot\System32\drivers\vga.sys
0xF8A74000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A76000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88B6000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88BE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7CDE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF66A7000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF664E000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF662C000 \SystemRoot\System32\drivers\afd.sys
0xF8636000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF6601000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF89E2000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xF6591000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF88CE000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB931A81-5422-4359-8EB0-C773CC1CD92D}\MpKsl10b7124f.sys
0xF656B000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF8666000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8676000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8686000 \SystemRoot\system32\DRIVERS\ser2pl.sys
0xF86A6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF652B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A78000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF796F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF88DE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BE5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF41F000 \SystemRoot\System32\ATMFD.DLL
0xF4B01000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF3923000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8A9A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF37DB000 \SystemRoot\System32\DRIVERS\srv.sys
0xF3686000 \SystemRoot\system32\drivers\wdmaud.sys
0xF3743000 \SystemRoot\system32\drivers\sysaudio.sys
0xF2AD6000 \SystemRoot\System32\Drivers\HTTP.sys
0xF880E000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB931A81-5422-4359-8EB0-C773CC1CD92D}\MpKsl2683acab.sys
0xF0E94000 \SystemRoot\system32\DRIVERS\0918719drv.sys
0xF0972000 \SystemRoot\system32\DRIVERS\67056705.sys
0xF094E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEFF6A000 \SystemRoot\System32\Drivers\Udfs.SYS
0xEF277000 \SystemRoot\system32\DRIVERS\07480497.sys
0xEE4B9000 \SystemRoot\system32\DRIVERS\72837606.sys
0xEDF97000 \SystemRoot\system32\DRIVERS\47053021.sys
0xF8806000 \??\C:\WINDOWS\system32\Drivers\utqxnjc1.sys
0xEDF6C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 18):
0 System Idle Process
4 System
588 C:\WINDOWS\system32\smss.exe
668 csrss.exe
692 C:\WINDOWS\system32\winlogon.exe
736 C:\WINDOWS\system32\services.exe
748 C:\WINDOWS\system32\lsass.exe
908 C:\WINDOWS\system32\svchost.exe
984 svchost.exe
1060 C:\WINDOWS\system32\svchost.exe
1384 C:\WINDOWS\system32\spoolsv.exe
1456 svchost.exe
444 C:\WINDOWS\system32\ctfmon.exe
712 svchost.exe
220 C:\WINDOWS\system32\svchost.exe
3360 C:\WINDOWS\system32\svchost.exe
3936 C:\WINDOWS\explorer.exe
1688 C:\Documents and Settings\Michael\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
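As an added example that is not part of this thread or of the MBRCheck tool, the script below parses a report in the format pasted above: it pulls out the per-drive MBR verdict with its SHA1, the closing "Found non-standard or infected MBR" banner, and any kernel driver loaded through a raw \??\ device path (a review item rather than a verdict, since scanner drivers such as SBREdrv.sys load that way too). The embedded sample is a constructed, trimmed copy of the report above, and the report layout it assumes is the one shown there.

```python
# Added example, not code from the thread or from MBRCheck: a triage parser for
# MBRCheck's plain-text report. It extracts the per-drive MBR verdict (with SHA1),
# the closing infected-MBR banner, and kernel drivers loaded via a raw \??\ path.
# Raw-path drivers are review items only; scanner drivers (SBREdrv.sys) load that way.
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: the thread's report with the driver list trimmed.
SAMPLE_REPORT = r"""MBRCheck, version 1.2.3
Kernel Drivers (total 5):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF84E7000 ACPI.sys
0xF66DA000 \??\C:\WINDOWS\system32\drivers\SBREdrv.sys
0xF8806000 \??\C:\WINDOWS\system32\Drivers\utqxnjc1.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 2):
4 System
1688 C:\Documents and Settings\Michael\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.
"""

DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*?)\s*$")
TABLE_RE = re.compile(r"^\s*(\d+\s*[GMT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$")

@dataclass
class DriveVerdict:
    size: str
    device: str
    status: str
    sha1: str = ""

    @property
    def suspicious(self) -> bool:
        # MBRCheck labels a recognised stock boot sector "<OS> MBR code detected";
        # any other wording ("MBR Code Faked!", unknown code) needs a closer look.
        return not self.status.endswith("MBR code detected")

@dataclass
class Triage:
    verdicts: List[DriveVerdict] = field(default_factory=list)
    raw_path_drivers: List[str] = field(default_factory=list)
    driver_count: int = 0
    infected_banner: bool = False

    @property
    def needs_attention(self) -> bool:
        return self.infected_banner or any(v.suspicious for v in self.verdicts)

def parse_mbrcheck(report: str) -> Triage:
    """Parse one MBRCheck report into a Triage record."""
    t, section = Triage(), None
    for line in report.splitlines():
        if line.startswith("Kernel Drivers"):
            section = "drivers"
        elif line.startswith("Processes"):
            section = "processes"
        elif section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                t.driver_count += 1
                if m.group(1).startswith("\\??\\"):
                    t.raw_path_drivers.append(m.group(1))
        elif (m := TABLE_RE.match(line)):
            t.verdicts.append(DriveVerdict(m.group(1), m.group(2), m.group(3)))
        elif (m := SHA1_RE.match(line)) and t.verdicts:
            t.verdicts[-1].sha1 = m.group(1).upper()
        elif line.startswith("Found non-standard or infected MBR"):
            t.infected_banner = True
    return t

def summarize(report: str) -> List[str]:
    """One human-readable line per finding, ending with the overall verdict."""
    t = parse_mbrcheck(report)
    out = [f"{v.device}: {v.status} (SHA1 {v.sha1 or 'n/a'})" for v in t.verdicts]
    out += [f"review: raw-path driver {d}" for d in t.raw_path_drivers]
    out.append("VERDICT: needs attention" if t.needs_attention else "VERDICT: nothing unusual")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_REPORT)))
```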

#10 Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)
It looks like you have a new variant of a nasty rootkit which creates a hidden partition on your computer containing the rootkit.

I advise you print off the below instructions and read them two or three times until you feel comfortable with what you are doing.


Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Windows XP Recovery Console rc.iso

Create a bootable CD, 1 for Gparted and 1 for the Windows XP Recovery Console, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

You should be here...
Press ENTER

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen.
According to your logs, the partition that you want to delete is 12MB.

sfadad.jpg

Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:

Now you should be here:

Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:

Now double-click the Posted Image button.

You should receive a small pop up like this:
Choose reboot and then press OK.

Now reboot from the Windows XP Recovery Console CD and execute the following commands:

  • fixmbr \Device\HardDisk0
  • fixboot c:
  • exit

Once back in Windows:

  • Re-run MBRCheck.exe.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.

Things I want to see in your next reply

  • MBRCheck_mm.dd.yy_hh.mm.ss.txt

#11 SFAdad
    Member
  • Topic Starter
  • 47 posts
I am ready to boot from the gparted CD. How do I do that?

#12 Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)

Insert the CD into your CD-ROM drive and reboot. Many computers are configured to boot from CD before booting to the hard disk.

If your computer does not boot the GParted Live CD, you may need to enter the BIOS or Setup menu of your computer.
If you do not know how to set your computer to boot from CD follow the steps here.

#13 SFAdad
    Member
  • Topic Starter
  • 47 posts
Successfully ran the gparted and RC console. MBRcheck log attached.

Attached File: MBRCheck_12.04.11_11.55.35.txt (7.09KB)

#14 Nedklaw
    Trusted Helper
  • Malware Removal
  • 1,652 posts
Hi. :)


Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • ComboFix.txt


#15 SFAdad
    Member
  • Topic Starter
  • 47 posts
I ran combofix but now I can't connect to the internet. I have had this problem before but can't remember how to fix it.
I also can't post the ComboFix log since I am logging in from my wife's computer.