
hacktool.rootkit [Closed]


  • This topic is locked

#1
bradkc

    Member
  • 11 posts
Hi - Last Friday we picked up a trojan that I managed to get rid of with Malwarebytes and SpyDoctor. I thought the problem was solved but now Norton keeps popping up saying it is 'processing security risk Hacktool.Rootkit'. A few moments later it says it's removed it, but when I shut down and restart the computer, it pops up again. I'm also having problems accessing any Microsoft related websites, and just this afternoon, about 10 seconds after I open Internet Explorer, it shuts down on me. I can't keep it open.

Any assistance would be greatly appreciated.

Run log from OTL by OldTimer:

OTL logfile created on: 6/08/2012 5:30:27 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 26.19% Memory free
3.84 Gb Paging File | 2.58 Gb Available in Paging File | 67.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 84.65 Gb Free Space | 57.79% Space Free | Partition Type: NTFS
Drive E: | 4.65 Gb Total Space | 1.69 Gb Free Space | 36.42% Space Free | Partition Type: FAT32

Computer Name: KACIENBRAD | User Name: Kacie and Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/06 17:28:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/06/22 15:34:12 | 002,673,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/03/28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/28 16:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/07/25 18:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 18:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 18:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 18:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/10 00:03:06 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/05/17 17:43:28 | 001,428,360 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/05/17 17:43:18 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/04/16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 14:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2005/09/25 19:11:20 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/22 15:34:06 | 000,157,656 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/06/22 15:33:48 | 000,091,608 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2012/06/22 11:38:46 | 000,108,504 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/07/25 18:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/17 16:52:30 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/05/17 16:31:18 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/04/25 12:55:40 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
MOD - [2003/05/08 11:23:04 | 000,618,496 | ---- | M] () -- C:\Program Files\VDMSound\LaunchPad.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Unknown] -- -- (WinDefend)
SRV - [2012/08/04 14:56:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/25 18:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2007/03/19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Pcouffin.sys -- (Pcouffin)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\BPIKSp50.sys -- (BPIKSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2012/06/22 15:35:16 | 000,070,568 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/06/22 15:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/06/22 15:29:36 | 000,254,944 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/06/22 11:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/06/19 10:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/15 04:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120803.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/06/02 11:37:22 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/02 11:37:22 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/16 16:43:08 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120805.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 16:43:07 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120805.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/10/31 17:36:29 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/06/26 10:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/26 10:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2011/04/21 11:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/31 13:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 13:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/15 12:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 16:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 15:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009/02/19 09:08:14 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV - [2009/02/19 09:08:10 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2009/02/19 09:08:04 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/08/28 16:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 16:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 20:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/07/16 22:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 22:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 22:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 17:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 00:03:04 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/29 17:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/31 00:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 00:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/22 21:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/22 21:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/22 21:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/22 21:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/22 21:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 14:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2004/12/18 14:58:32 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{A0B271A9-D8AA-8E74-7392-2164D6A1C03C}: "URL" = http://www.iesearch....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ninemsn.com.au/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5F3BEBD5-F6C6-A4B8-EDD2-A6F5F61813A8}: "URL" = http://www.buzqo.com...cfg=2-401-0-...
IE - HKCU\..\SearchScopes\{8C209F56-C1EE-4A17-9FF8-5E545A251B39}: "URL" = http://websearch.ask...6B-5818E3E4C4B4
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-13 16:16:02&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A0B271A9-D8AA-8E74-7392-2164D6A1C03C}: "URL" = http://www.iesearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{C03CDE4E-1FDA-414C-B2D7-1EFA1C73C0B1}: "URL" = http://au.search.yah...415,17022,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/02 19:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_10_1 [2012/08/06 17:11:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012/03/24 17:23:26 | 000,102,423 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/08/05 18:50:02 | 000,000,000 | ---D | M]

[2010/12/28 20:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kacie and Brad\Application Data\Mozilla\Extensions
[2010/12/28 20:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kacie and Brad\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (VideoFileDownload) - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - C:\Program Files\OApps\bho_project.dll (VideoFileDownload)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [TmsPcamo] C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O4 - Startup: C:\Documents and Settings\Kacie and Brad\Start Menu\Programs\Startup\tmspcamo.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: google.com.au ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v4.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v4.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v5.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v5.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v6.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([v6.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87C4E74F-7E00-46D8-8438-773C29738974}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe) - C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe ()
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\f09944b0964: DllName - (C:\WINDOWS\system32\devmgr32.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0416e140-c3a6-11df-be52-001fe1ef413d}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{048d4f1e-0ea1-11e1-810d-001fe1ef413d}\Shell - "" = AutoRun
O33 - MountPoints2\{048d4f1e-0ea1-11e1-810d-001fe1ef413d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{048d4f1e-0ea1-11e1-810d-001fe1ef413d}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{1f6bffc4-4318-11e0-bf47-001fe1ef413d}\Shell - "" = AutoRun
O33 - MountPoints2\{1f6bffc4-4318-11e0-bf47-001fe1ef413d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f6bffc4-4318-11e0-bf47-001fe1ef413d}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O33 - MountPoints2\{5d4ae270-5f3f-11dd-81cc-001fe1ef413d}\Shell - "" = AutoRun
O33 - MountPoints2\{5d4ae270-5f3f-11dd-81cc-001fe1ef413d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d4ae270-5f3f-11dd-81cc-001fe1ef413d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 17:35:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kacie and Brad\Desktop\OTL.exe
[2012/08/05 18:49:54 | 000,070,768 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/08/05 18:49:51 | 000,149,464 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/08/05 18:49:50 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/08/05 18:49:49 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/08/05 18:47:39 | 000,254,944 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/08/05 18:47:23 | 000,017,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/08/05 18:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/08/05 18:47:14 | 000,070,568 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/08/05 18:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/08/05 18:31:25 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/08/05 18:31:25 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/08/05 18:31:20 | 000,383,368 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/08/05 18:31:20 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/08/05 18:31:13 | 000,203,120 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/08/05 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/08/05 18:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/08/05 18:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/08/05 18:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\TestApp
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-CN
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ru-RU
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-PT
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ms-MY
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ja-JP
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\hu-HU
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs-CZ
[2012/08/05 16:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zune
[2012/08/05 16:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2012/08/05 15:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\SpeedyPC Software
[2012/08/05 15:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/08/05 14:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\PC Utility Kit
[2012/08/05 14:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/05 14:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\DriverCure
[2012/08/05 14:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\SpeedMaxPc
[2012/08/05 14:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/08/04 14:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Desktop\PHONE
[2012/08/02 18:51:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/02 18:51:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kacie and Brad\Recent
[2012/08/02 18:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/02 17:55:15 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/07/18 18:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\My Documents\My Streaming Media
[2012/07/18 18:09:19 | 000,028,256 | ---- | C] (Applian Technologies Inc.) -- C:\WINDOWS\System32\drivers\appliand.sys
[2012/07/18 18:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Applian Technologies
[2012/07/18 18:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/07/18 18:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\Replay Media Catcher 4
[2012/07/18 18:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applian
[2012/07/18 17:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\My Documents\YOUTUBE VIDEOS
[1 C:\Documents and Settings\Kacie and Brad\*.tmp files -> C:\Documents and Settings\Kacie and Brad\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/06 17:28:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kacie and Brad\Desktop\OTL.exe
[2012/08/06 17:13:56 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/08/06 17:11:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/06 17:10:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/06 17:10:41 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 16:54:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/05 18:47:26 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/08/05 18:32:22 | 000,713,253 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/08/05 16:20:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2012/08/05 16:20:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/08/05 16:18:06 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/05 16:18:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/08/05 16:10:03 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/05 16:04:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01009.Wdf
[2012/08/05 16:03:34 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
[2012/08/05 15:40:05 | 000,000,518 | ---- | M] () -- C:\WINDOWS\tasks\One-Click Tweak.job
[2012/08/05 09:59:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/08/03 19:37:15 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/03 17:00:30 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 18:51:12 | 000,495,880 | ---- | M] () -- C:\Documents and Settings\Kacie and Brad\My Documents\cc_20120802_185102.reg
[2012/08/02 17:55:23 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Kacie and Brad\Application Data\mbam.context.scan
[2012/08/02 17:02:04 | 000,093,316 | --S- | M] () -- C:\Documents and Settings\Kacie and Brad\Start Menu\Programs\Startup\tmspcamo.exe
[2012/08/01 18:37:25 | 000,000,272 | ---- | M] () -- C:\{07ABBA21-91BA-4079-9ED3-B809D4C15320}
[2012/07/22 16:30:43 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\Kacie and Brad\default.pls
[1 C:\Documents and Settings\Kacie and Brad\*.tmp files -> C:\Documents and Settings\Kacie and Brad\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 18:49:53 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/08/05 18:49:51 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/08/05 18:49:51 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/08/05 18:49:51 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/08/05 18:49:51 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/08/05 18:47:26 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/08/05 18:31:30 | 000,713,253 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/08/05 16:20:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2012/08/05 16:20:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/08/05 16:18:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/08/05 16:04:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01009.Wdf
[2012/08/05 16:03:34 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
[2012/08/05 16:00:00 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/05 15:40:03 | 000,000,518 | ---- | C] () -- C:\WINDOWS\tasks\One-Click Tweak.job
[2012/08/03 16:56:58 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 18:51:04 | 000,495,880 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\My Documents\cc_20120802_185102.reg
[2012/08/02 17:55:23 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\mbam.context.scan
[2012/08/02 17:02:11 | 000,093,316 | --S- | C] () -- C:\Documents and Settings\Kacie and Brad\Start Menu\Programs\Startup\tmspcamo.exe
[2012/08/01 18:37:25 | 000,000,272 | ---- | C] () -- C:\{07ABBA21-91BA-4079-9ED3-B809D4C15320}
[2012/03/13 15:15:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2012/03/13 15:15:22 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/12/31 12:22:40 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\.backup.dm
[2011/12/16 19:10:41 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2011/12/16 19:10:40 | 000,000,204 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2011/12/08 06:48:22 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2011/12/08 06:48:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2011/12/08 06:48:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2011/11/21 13:52:24 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
[2011/11/07 08:27:50 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\SMRResults210.dat
[2011/10/31 17:56:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\apistreamadv.exe
[2010/12/31 10:54:18 | 000,004,976 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
[2010/12/31 10:36:49 | 000,004,911 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oafcpcef.qqj
[2010/10/03 02:42:30 | 008,665,685 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\Justin Bieber - Never Say Never ft Jaden Smith.zip
[2009/06/29 16:01:41 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxat.gif
[2009/06/29 16:01:41 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxzn.gif
[2009/06/29 16:01:41 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxby.gif
[2009/04/30 18:34:38 | 000,005,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/10/31 17:44:35 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\jagex_runescape_preferences.dat
[2008/10/10 16:41:30 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/06/08 10:08:48 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\GoToAssistDownloadHelper.exe
[2007/11/01 07:18:44 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\default.pls
[2007/10/30 17:15:22 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\wklnhst.dat

========== LOP Check ==========

[2012/07/18 18:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2011/10/31 17:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/06/08 10:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/01/17 16:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2012/03/13 16:14:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/12 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gFj31002gDiMm31002
[2011/11/14 19:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/03/13 15:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/04/30 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movavi Video Converter 6
[2007/12/31 08:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/24 18:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2010/09/01 19:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/02/17 17:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/08/05 14:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2011/10/31 17:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/09/06 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/08/05 14:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/08/05 15:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2007/10/23 23:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/08/06 17:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/28 20:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/01/04 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/06/30 19:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/05 18:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/15 09:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/23 08:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Bitrix Security
[2012/04/10 12:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\BitZipper
[2011/09/13 07:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\DocumentsToGoDesktop
[2012/08/05 14:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\DriverCure
[2011/11/08 19:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\F933EBA15791B28CC779D1DC33256DDB
[2011/01/22 08:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\fhnetwork.com
[2012/03/01 06:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\FrostWire
[2008/05/18 15:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Leadertech
[2010/12/31 10:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\MOVAVI
[2010/12/31 10:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Movavi Video Converter 10
[2010/12/31 10:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Movavi Video Suite 9
[2011/04/24 07:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\MP3Rocket
[2007/12/31 08:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\NCH Swift Sound
[2008/02/25 19:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Nokia
[2008/02/17 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\PC Suite
[2012/08/05 14:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\PC Utility Kit
[2011/04/09 07:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Publish Providers
[2012/07/18 18:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Replay Media Catcher 4
[2007/12/23 10:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\SlySoft
[2011/04/09 07:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Sony
[2011/04/09 07:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Sony Setup
[2012/08/05 14:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\SpeedMaxPc
[2012/08/05 15:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\SpeedyPC Software
[2007/10/30 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Template
[2012/08/05 18:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\TestApp
[2010/10/22 17:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Tific
[2008/01/08 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\tmp
[2010/12/28 20:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\TomTom
[2012/08/04 22:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\uTorrent
[2010/04/17 15:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Youtube Downloader HD
[2012/08/05 09:59:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/08/05 15:40:05 | 000,000,518 | ---- | M] () -- C:\WINDOWS\Tasks\One-Click Tweak.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB30612$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:BFD693C0D2C72E8A
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
  • 0

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, bradkc! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for bradkc only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research, and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon. Whilst you are waiting you can run the following tool:


Step 1

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image


Things I want to see in your next reply

  • aswMBR.txt

  • 0

#3
bradkc

    Member

  • Topic Starter
  • 11 posts
aswMBR log:-

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-07 07:10:46
-----------------------------
07:10:46.625 OS Version: Windows 5.1.2600 Service Pack 3
07:10:46.625 Number of processors: 2 586 0xF0D
07:10:46.625 ComputerName: KACIENBRAD UserName:
07:10:47.421 Initialize success
07:11:00.203 AVAST engine download error: 0
07:11:06.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
07:11:06.437 Disk 0 Vendor: FUJITSU_MHW2160BH 0085001C Size: 152627MB BusType: 3
07:11:06.468 Disk 0 MBR read successfully
07:11:06.468 Disk 0 MBR scan
07:11:06.468 Disk 0 Windows XP default MBR code
07:11:06.468 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
07:11:06.484 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149981 MB offset 160650
07:11:06.484 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 307339515
07:11:06.515 Disk 0 Partition 3 00 DD MSDOS5.0 2557 MB offset 307339578
07:11:06.531 Disk 0 scanning sectors +312576705
07:11:06.593 Disk 0 scanning C:\WINDOWS\system32\drivers
07:11:22.125 Service scanning
07:11:29.812 Service BPIKSp50 D:\BPIKSp50.sys **LOCKED** 21
07:12:02.937 Modules scanning
07:12:32.203 Disk 0 trace - called modules:
07:12:32.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys
07:12:32.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aca5ab8]
07:12:32.281 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8aca7920]
07:12:32.296 5 PCTCore.sys[b9d2482d] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ad3b940]
07:12:32.312 Scan finished successfully
07:13:00.718 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
07:13:00.968 The log file has been saved successfully to "E:\aswMBR.txt"
  • 0

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

You are running too many antivirus programs. This is not a good idea as this can cause problems such as slowness in computer speed, conflicts and cause more vulnerability to infection.

Keep the paid version of Norton only if the subscription is up-to-date. If it isn't, uninstall it and keep PC Tools.

Uninstall Norton or PC Tools via Control Panel > Add/Remove Programs.


Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.

Posted Image


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    IE - HKCU\..\SearchScopes\{5F3BEBD5-F6C6-A4B8-EDD2-A6F5F61813A8}: "URL" = http://www.buzqo.com...cfg=2-401-0-...
    IE - HKCU\..\SearchScopes\{8C209F56-C1EE-4A17-9FF8-5E545A251B39}: "URL" = http://websearch.ask...6B-5818E3E4C4B4
    O2 - BHO: (VideoFileDownload) - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - C:\Program Files\OApps\bho_project.dll (VideoFileDownload)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [TmsPcamo] C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe ()
    O4 - Startup: C:\Documents and Settings\Kacie and Brad\Start Menu\Programs\Startup\tmspcamo.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe) - C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe ()
    O20 - Winlogon\Notify\f09944b0964: DllName - (C:\WINDOWS\system32\devmgr32.dll) - File not found
    [2011/10/31 17:56:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\apistreamadv.exe
    [2010/12/31 10:54:18 | 000,004,976 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
    [2010/12/31 10:36:49 | 000,004,911 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oafcpcef.qqj
    [2009/06/29 16:01:41 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxat.gif
    [2009/06/29 16:01:41 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxzn.gif
    [2009/06/29 16:01:41 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxby.gif
    [2009/04/30 18:34:38 | 000,005,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
    [2008/06/08 10:08:48 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\GoToAssistDownloadHelper.exe
    [2011/10/31 17:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/12 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gFj31002gDiMm31002
    [2010/10/23 08:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Bitrix Security
    [2011/11/08 19:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\F933EBA15791B28CC779D1DC33256DDB
    [2010/04/17 15:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Youtube Downloader HD
    [C:\WINDOWS\$NtUninstallKB30612$] -> -> Unknown point type
    [1 C:\Documents and Settings\Kacie and Brad\*.tmp files -> C:\Documents and Settings\Kacie and Brad\*.tmp -> ]
    
    :Files
    C:\Program Files\OApps
    C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx
    ipconfig /flushdns /c
    
    :Commands
    [resethosts] 
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


IMPORTANT!!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get this error "Illegal operation attempted on a registry key that has been marked for deletion" then reboot, that will cure it.



Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • ComboFix.txt

#5 bradkc (Topic Starter, Member, 11 posts)

• OTL Fix Log
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F3BEBD5-F6C6-A4B8-EDD2-A6F5F61813A8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F3BEBD5-F6C6-A4B8-EDD2-A6F5F61813A8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C209F56-C1EE-4A17-9FF8-5E545A251B39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C209F56-C1EE-4A17-9FF8-5E545A251B39}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9}\ not found.
File C:\Program Files\OApps\bho_project.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TmsPcamo deleted successfully.
File C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe not found.
File C:\Documents and Settings\Kacie and Brad\Start Menu\Programs\Startup\tmspcamo.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe deleted successfully.
File C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx\tmspcamo.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f09944b0964\ not found.
File C:\WINDOWS\System32\apistreamadv.exe not found.
File C:\Documents and Settings\All Users\Application Data\ojobkspa.ako not found.
File C:\Documents and Settings\All Users\Application Data\oafcpcef.qqj not found.
File C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxat.gif not found.
File C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxzn.gif not found.
File C:\Documents and Settings\Kacie and Brad\Application Data\GlZ3uuFxby.gif not found.
File C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs not found.
File C:\Documents and Settings\Kacie and Brad\GoToAssistDownloadHelper.exe not found.
Folder C:\Documents and Settings\All Users\Application Data\AVAST Software\ not found.
Folder C:\Documents and Settings\All Users\Application Data\gFj31002gDiMm31002\ not found.
Folder C:\Documents and Settings\Kacie and Brad\Application Data\Bitrix Security\ not found.
Folder C:\Documents and Settings\Kacie and Brad\Application Data\F933EBA15791B28CC779D1DC33256DDB\ not found.
Folder C:\Documents and Settings\Kacie and Brad\Application Data\Youtube Downloader HD\ not found.
Unable to remove Unknown point type C:\WINDOWS\$NtUninstallKB30612$
File/Folder C:\Documents and Settings\Kacie and Brad\*.tmp not found.
========== FILES ==========
File\Folder C:\Program Files\OApps not found.
C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\lgbdradx folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kacie and Brad\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kacie and Brad\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kacie and Brad
->Temp folder emptied: 99618 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82403 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08102012_172546

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_b0.dat not found!

PendingFileRenameOperations files...
File C:\WINDOWS\temp\Perflib_Perfdata_b0.dat not found!

Registry entries deleted on Reboot...



• OTL.txt
Sorry - I missed this step - was having internet problems.



• ComboFix.txt
ComboFix 12-08-09.01 - Kacie and Brad 10/08/2012 18:04:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1573 [GMT 10:00]
Running from: c:\documents and settings\Kacie and Brad\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Kacie and Brad\Application Data\Adobe\moha.exe
c:\documents and settings\Kacie and Brad\Application Data\Adobe\plugs
c:\documents and settings\Kacie and Brad\Application Data\Adobe\shed
c:\documents and settings\Kacie and Brad\Local Settings\Application Data\ayagwrxd.log
c:\documents and settings\Kacie and Brad\Local Settings\Application Data\hidmoopv.log
c:\documents and settings\Kacie and Brad\Local Settings\Application Data\jbwjbntc.log
c:\documents and settings\Kacie and Brad\Local Settings\Application Data\npmydwta.log
c:\documents and settings\Kacie and Brad\Local Settings\Application Data\usfiuydw.log
c:\documents and settings\Kacie and Brad\Local Settings\Application Data\vjjvqvlf.log
c:\documents and settings\Kacie and Brad\Local Settings\Application Data\wgyoogoy.log
c:\windows\$NtUninstallKB30612$
c:\windows\$NtUninstallKB30612$\193952795\@
c:\windows\$NtUninstallKB30612$\193952795\bckfg.tmp
c:\windows\$NtUninstallKB30612$\193952795\cfg.ini
c:\windows\$NtUninstallKB30612$\193952795\Desktop.ini
c:\windows\$NtUninstallKB30612$\193952795\keywords
c:\windows\$NtUninstallKB30612$\193952795\kwrd.dll
c:\windows\$NtUninstallKB30612$\193952795\L\iahonoel
c:\windows\$NtUninstallKB30612$\193952795\U\[email protected]
c:\windows\$NtUninstallKB30612$\193952795\U\[email protected]
c:\windows\$NtUninstallKB30612$\193952795\U\[email protected]
c:\windows\$NtUninstallKB30612$\193952795\U\[email protected]
c:\windows\$NtUninstallKB30612$\193952795\U\[email protected]
c:\windows\$NtUninstallKB30612$\193952795\U\[email protected]
c:\windows\$NtUninstallKB30612$\3199300215
c:\windows\system32\1118512087
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-09 07:56 . 2012-08-09 07:56 -------- d-----w- C:\_OTL
2012-08-05 09:17 . 2012-08-05 09:17 -------- d-----w- c:\documents and settings\Kacie and Brad\Local Settings\Application Data\Threat Expert
2012-08-05 08:47 . 2012-08-09 07:49 -------- d-----w- c:\program files\PC Tools
2012-08-05 08:31 . 2012-06-22 05:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-05 08:31 . 2012-08-09 07:49 -------- d-----w- c:\program files\Common Files\PC Tools
2012-08-05 08:29 . 2012-08-08 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-08-05 08:29 . 2012-08-05 08:29 -------- d-----w- c:\documents and settings\Kacie and Brad\Application Data\TestApp
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\windows\system32\zh-CN
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\windows\system32\ru-RU
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\windows\system32\pt-PT
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\windows\system32\pl-PL
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\windows\system32\ms-MY
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\windows\system32\ja-JP
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\windows\system32\hu-HU
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\windows\system32\cs-CZ
2012-08-05 06:06 . 2012-08-05 06:06 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2012-08-05 06:06 . 2012-08-05 06:06 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY
2012-08-05 06:06 . 2012-08-05 06:06 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID
2012-08-05 06:06 . 2012-08-05 06:06 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE
2012-08-05 06:06 . 2012-08-05 06:06 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO
2012-08-05 06:03 . 2012-08-05 06:03 -------- d-----w- c:\windows\system32\drivers\UMDF\en-US
2012-08-05 06:03 . 2012-08-05 06:10 -------- d-----w- c:\program files\Zune
2012-08-05 06:00 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2012-08-05 06:00 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2012-08-05 06:00 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2012-08-05 06:00 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll
2012-08-05 06:00 . 2008-05-02 10:49 62976 ------w- c:\windows\system32\dllcache\cdrom.sys
2012-08-05 05:46 . 2012-08-05 05:46 -------- d-----w- c:\documents and settings\Kacie and Brad\Application Data\SpeedyPC Software
2012-08-05 05:46 . 2012-08-05 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-08-05 04:16 . 2012-08-05 04:16 -------- d-----w- c:\documents and settings\Kacie and Brad\Application Data\PC Utility Kit
2012-08-05 04:15 . 2012-08-05 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Utility Kit
2012-08-05 04:12 . 2012-08-05 04:12 -------- d-----w- c:\documents and settings\Kacie and Brad\Application Data\DriverCure
2012-08-05 04:12 . 2012-08-05 04:12 -------- d-----w- c:\documents and settings\Kacie and Brad\Application Data\SpeedMaxPc
2012-08-05 04:12 . 2012-08-05 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-08-02 08:51 . 2012-07-03 03:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 07:55 . 2012-08-02 07:55 -------- d-----w- C:\Malwarebytes
2012-07-18 08:10 . 2012-07-18 08:10 -------- d-----w- c:\documents and settings\Kacie and Brad\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2012-07-18 08:09 . 2011-06-26 00:56 28256 ----a-w- c:\windows\system32\drivers\appliand.sys
2012-07-18 08:08 . 2012-07-18 08:08 -------- d-----w- c:\program files\Applian Technologies
2012-07-18 08:08 . 2012-07-18 08:11 -------- d-----w- c:\documents and settings\Kacie and Brad\Application Data\Replay Media Catcher 4
2012-07-18 08:08 . 2012-07-18 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 04:55 . 2012-05-08 03:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 04:55 . 2011-11-23 20:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 22:46 . 2012-07-05 22:46 172098 ----a-w- C:\torrent.exe
2012-06-25 06:04 . 2012-06-25 06:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-13 13:19 . 2004-08-11 09:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-29 10:06 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-11 09:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-11 09:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:19 . 2007-07-30 09:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 05:19 . 2007-07-30 09:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19 . 2004-08-11 09:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 05:19 . 2004-08-11 09:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 05:19 . 2004-08-11 09:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 05:19 . 2007-07-30 09:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 05:19 . 2007-07-30 09:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 05:19 . 2004-08-11 09:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 05:19 . 2004-08-11 09:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 05:19 . 2004-08-11 09:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 05:19 . 2007-07-30 09:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 05:19 . 2004-08-11 09:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 05:19 . 2004-08-11 09:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 05:18 . 2009-01-04 05:07 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 05:18 . 2009-01-04 05:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 05:18 . 2009-01-04 05:07 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-11 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-11 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 05:56 203776 --sh--w- c:\windows\system32\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-29 16384]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BRMFCWND.EXE" [2008-02-18 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2006-10-03 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-27 404568]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-23 50688]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-10-30 745472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27583:TCP"= 27583:TCP:BitComet 27583 TCP
"27583:UDP"= 27583:UDP:BitComet 27583 UDP
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [12/06/2012 11:18 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [12/06/2012 11:18 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120804.001\BHDrvx86.sys [10/08/2012 5:49 PM 821920]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [12/06/2012 11:18 AM 136312]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [30/10/2007 5:36 PM 66048]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.2.3\ccsvchst.exe [12/06/2012 11:17 AM 130008]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [18/07/2012 6:09 PM 28256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/08/2012 5:49 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120809.001\IDSXpx86.sys [10/08/2012 5:52 PM 369632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/05/2012 1:04 PM 250056]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys --> c:\windows\system32\DRIVERS\lgandbus.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys --> c:\windows\system32\DRIVERS\lganddiag.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys --> c:\windows\system32\DRIVERS\lgandgps.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys --> c:\windows\system32\DRIVERS\lgandmodem.sys [?]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [18/07/2012 6:09 PM 28256]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;\??\d:\bpiksp50.sys --> d:\BPIKSp50.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;\??\c:\windows\system32\drivers\massfilter_hs.sys --> c:\windows\system32\drivers\massfilter_hs.sys [?]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [30/10/2007 5:35 PM 167808]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [5/08/2011 12:30 PM 268512]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [23/01/2011 2:34 PM 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [23/01/2011 2:34 PM 105216]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [23/01/2011 2:34 PM 105216]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 04:56]
.
2012-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 07:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024
uInternet Settings,ProxyOverride = <local>
Trusted Zone: google.com.au\www
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\v6.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-22786209.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-vfd-ob - c:\program files\OApps\vfd-ob_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 18:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BrMfcWnd = c:\program files\Brother\Brmfcmon\BRMFCWND.EXE /AUTORUN????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3868)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2012-08-10 18:30:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 08:30
.
Pre-Run: 91,274,653,696 bytes free
Post-Run: 91,219,353,600 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FA28B94D8A40A710500B5047A248C606
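The OTL fix log in the post above removed a Winlogon UserInit value that chained a second executable (tmspcamo.exe under Local Settings\Application Data) after userinit.exe, deleted the matching Run entry, and reset the HOSTS file; the original complaint was that Microsoft sites could not be reached. The script below is an added example, not part of the thread and not code from OTL or ComboFix, showing how a responder would script checks for those three persistence points. All of it runs offline: the UserInit value, the Run entries and the HOSTS text are constructed samples modelled on the log (on a live machine they would be read from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, the Run keys and C:\WINDOWS\system32\drivers\etc\hosts). The function names, the list of guarded vendor domains and the assumed 32-bit XP defaults for UserInit and Shell are my choices, not anything the thread specifies.

```python
"""Audit three persistence points a user-level dropper commonly abuses on XP:
Winlogon UserInit/Shell, autoruns launched from user-writable folders, and a
hijacked HOSTS file.  Pure functions over strings so it runs without Windows."""
import ipaddress

# Assumed defaults for 32-bit Windows XP (compared case-insensitively).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"

# Folder fragments a non-admin user can write to; an autorun living here is suspect.
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\start menu\\programs\\startup\\",
)

# Domains a HOSTS hijack typically sinkholes to block patches and AV updates
# (assumed list; extend for the vendors present on the machine).
GUARDED_DOMAINS = ("microsoft.com", "windowsupdate.com", "symantec.com",
                   "norton.com", "malwarebytes.org")


def check_winlogon(userinit, shell):
    """Return one finding per Winlogon value that deviates from the XP default."""
    findings = []
    # UserInit is comma-separated; anything after userinit.exe runs at every logon.
    parts = [p.strip().lower() for p in userinit.split(",") if p.strip()]
    if parts != [EXPECTED_USERINIT]:
        findings.append("UserInit hijacked: " + userinit)
    if shell.strip().lower() != EXPECTED_SHELL:
        findings.append("Shell hijacked: " + shell)
    return findings


def check_autoruns(entries):
    """entries maps autorun value name -> command line; flag user-writable image paths."""
    findings = []
    for name, cmd in entries.items():
        if any(marker in cmd.lower() for marker in USER_WRITABLE):
            findings.append(name + ": runs from user-writable path: " + cmd)
    return findings


def parse_hosts(text):
    """Parse HOSTS text into (ip, hostname) pairs, dropping comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            pairs.append((fields[0], name.lower()))
    return pairs


def check_hosts(text):
    """Flag entries that sinkhole a guarded domain or redirect a host off-box.
    0.0.0.0 / 127.0.0.1 blocklist entries for other domains are tolerated."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append("malformed entry: %s %s" % (ip, name))
            continue
        if any(name == d or name.endswith("." + d) for d in GUARDED_DOMAINS):
            findings.append("guarded domain redirected: %s -> %s" % (name, ip))
        elif not (addr.is_loopback or addr.is_unspecified):
            findings.append("non-loopback redirect: %s -> %s" % (name, ip))
    return findings


# Constructed sample values modelled on the OTL fix log; not read from any machine.
SAMPLE_USERINIT = (r"C:\WINDOWS\system32\userinit.exe,"
                   r"C:\Documents and Settings\Kacie and Brad\Local Settings"
                   r"\Application Data\lgbdradx\tmspcamo.exe")
SAMPLE_RUN = {
    "TmsPcamo": r"C:\Documents and Settings\Kacie and Brad\Local Settings"
                r"\Application Data\lgbdradx\tmspcamo.exe",
    "SynTPEnh": r"c:\program files\Synaptics\SynTP\SynTPEnh.exe",
}
SAMPLE_HOSTS = """# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.microsoft.com
127.0.0.1       windowsupdate.microsoft.com
0.0.0.0         ads.example.net
10.0.0.138      www.example.com
"""


def audit(userinit=SAMPLE_USERINIT, shell="Explorer.exe",
          run=SAMPLE_RUN, hosts=SAMPLE_HOSTS):
    """Run all three checks and return the combined list of findings."""
    return check_winlogon(userinit, shell) + check_autoruns(run) + check_hosts(hosts)


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Against the constructed sample this reports the chained UserInit entry, the Run value launching from Local Settings\Application Data, the two microsoft.com sinkholes and the off-box redirect, while leaving the 0.0.0.0 ad-block line alone. The "not found" lines in the fix log show that an earlier cleaner had already removed the file behind the UserInit entry; the registry value outlived it, which is exactly why the persistence keys need checking separately from the files they point at.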
#6 Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)

Hi. :)
What antivirus (security software) do you have installed on your computer?


Step 1

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • Answer to my question
  • OTL.txt

#7 bradkc (Topic Starter, Member, 11 posts)

We have a paid version of Norton Internet Security 2011 - it has another 2 months left on it. This isn't the first time this kind of thing has happened - I'm not impressed with Norton - what antivirus do you recommend?

OTL scan log:
OTL logfile created on: 12/08/2012 7:56:36 AM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Kacie and Brad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.34% Memory free
3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.47 Gb Total Space | 80.83 Gb Free Space | 55.19% Space Free | Partition Type: NTFS

Computer Name: KACIENBRAD | User Name: Kacie and Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/11 14:17:35 | 001,285,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\6.2.1.5\InstStub.exe
PRC - [2012/08/06 17:28:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kacie and Brad\Desktop\OTL.exe
PRC - [2012/05/17 16:51:10 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\WMZuneComm.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/28 16:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/07/25 18:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 18:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 18:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 18:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/10 00:03:06 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/05/17 17:43:28 | 001,428,360 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/05/17 17:43:18 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/04/16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 14:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2005/09/25 19:11:20 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/07/25 18:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/17 16:52:30 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/05/17 16:31:18 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/04/25 12:55:40 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/04/06 20:19:28 | 000,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
MOD - [2003/05/08 11:23:04 | 000,618,496 | ---- | M] () -- C:\Program Files\VDMSound\LaunchPad.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Unknown] -- -- (WinDefend)
SRV - [2012/08/04 14:56:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 09:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/25 18:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2007/03/19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Pcouffin.sys -- (Pcouffin)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\BPIKSp50.sys -- (BPIKSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2012/08/11 14:19:44 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/08/10 17:49:09 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/10 17:49:08 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/19 10:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120804.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/15 04:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120810.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/05/16 16:43:08 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120810.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 16:43:07 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120810.020\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/29 16:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0602010.005\SymEFA.sys -- (SymEFA)
DRV - [2012/03/29 16:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0602010.005\SymDS.sys -- (SymDS)
DRV - [2012/03/29 16:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.sys -- (SymIRON)
DRV - [2012/03/29 16:03:27 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX)
DRV - [2011/11/30 08:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\N360\0602010.005\ccSetx86.sys -- (ccSet_N360)
DRV - [2011/06/26 10:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/26 10:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2011/04/21 11:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/31 13:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2009/02/19 09:08:14 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV - [2009/02/19 09:08:10 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2009/02/19 09:08:04 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/08/28 16:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 16:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 20:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/07/16 22:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 22:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 22:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 17:07:56 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 00:03:04 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/29 17:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/31 00:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 00:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/22 21:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/22 21:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/22 21:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/22 21:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/22 21:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 14:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2004/12/18 14:58:32 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{A0B271A9-D8AA-8E74-7392-2164D6A1C03C}: "URL" = http://www.iesearch....q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 87 DD 03 F0 4A F0 46 9F A7 68 12 D1 DE BC BE [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2071024
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 87 DD 03 F0 4A F0 46 9F A7 68 12 D1 DE BC BE [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 87 DD 03 F0 4A F0 46 9F A7 68 12 D1 DE BC BE [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 87 DD 03 F0 4A F0 46 9F A7 68 12 D1 DE BC BE [binary data]

IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-13 16:16:02&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\SearchScopes\{A0B271A9-D8AA-8E74-7392-2164D6A1C03C}: "URL" = http://www.iesearch....q={searchTerms}
IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\SearchScopes\{C03CDE4E-1FDA-414C-B2D7-1EFA1C73C0B1}: "URL" = http://au.search.yah...415,17022,0,8,0
IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/02 19:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_10_1 [2012/08/11 13:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012/03/24 17:23:26 | 000,102,423 | ---- | M] ()

[2010/12/28 20:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kacie and Brad\Application Data\Mozilla\Extensions
[2010/12/28 20:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kacie and Brad\Application Data\Mozilla\Extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/08/10 18:18:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005..\Run: [Norton Download Manager{N360621005-SHPD-FSD25037}] C:\Documents and Settings\All Users\Documents\Norton\{N360621005-SHPD-FSD25037}\N360Downloader[1].exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: google.com.au ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: microsoft.com ([v4.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: microsoft.com ([v4.windowsupdate] https in Trusted sites)
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: microsoft.com ([v5.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: microsoft.com ([v5.windowsupdate] https in Trusted sites)
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: microsoft.com ([v6.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: microsoft.com ([v6.windowsupdate] https in Trusted sites)
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344661922781 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87C4E74F-7E00-46D8-8438-773C29738974}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 15:12:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/10 18:37:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/10 17:48:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/10 17:32:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/10 17:32:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/10 17:32:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/10 17:32:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/10 17:32:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/10 17:32:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/10 17:28:17 | 004,728,003 | R--- | C] (Swearware) -- C:\Documents and Settings\Kacie and Brad\Desktop\ComboFix.exe
[2012/08/09 17:56:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/07 07:09:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kacie and Brad\Desktop\aswMBR.exe
[2012/08/06 17:35:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kacie and Brad\Desktop\OTL.exe
[2012/08/05 19:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\Threat Expert
[2012/08/05 18:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/08/05 18:31:13 | 000,203,120 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/08/05 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/08/05 18:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/08/05 18:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\TestApp
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-CN
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ru-RU
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-PT
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ms-MY
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ja-JP
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\hu-HU
[2012/08/05 16:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs-CZ
[2012/08/05 16:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zune
[2012/08/05 16:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2012/08/05 15:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\SpeedyPC Software
[2012/08/05 15:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/08/05 14:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\PC Utility Kit
[2012/08/05 14:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/08/05 14:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\DriverCure
[2012/08/05 14:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\SpeedMaxPc
[2012/08/05 14:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/08/02 18:51:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/02 18:51:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kacie and Brad\Recent
[2012/08/02 18:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/02 17:55:15 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/07/18 18:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\My Documents\My Streaming Media
[2012/07/18 18:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\Jaksta_Technologies_Pty_L
[2012/07/18 18:09:19 | 000,028,256 | ---- | C] (Applian Technologies Inc.) -- C:\WINDOWS\System32\drivers\appliand.sys
[2012/07/18 18:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Applian Technologies
[2012/07/18 18:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/07/18 18:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\Application Data\Replay Media Catcher 4
[2012/07/18 18:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applian
[2012/07/18 17:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kacie and Brad\My Documents\YOUTUBE VIDEOS

========== Files - Modified Within 30 Days ==========

[2012/08/12 07:54:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/11 16:47:58 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/11 15:14:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/11 14:19:44 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/08/11 14:19:44 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/08/11 14:19:44 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/08/11 14:19:44 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/08/11 13:48:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/11 13:48:06 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 18:19:27 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/08/10 18:18:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/10 17:48:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/10 17:28:16 | 004,728,003 | R--- | M] (Swearware) -- C:\Documents and Settings\Kacie and Brad\Desktop\ComboFix.exe
[2012/08/07 07:08:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kacie and Brad\Desktop\aswMBR.exe
[2012/08/06 17:28:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kacie and Brad\Desktop\OTL.exe
[2012/08/05 18:32:22 | 000,713,253 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/08/05 16:20:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2012/08/05 16:20:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/08/05 16:18:06 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/05 16:18:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/08/05 16:10:03 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/05 16:04:02 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01009.Wdf
[2012/08/05 16:03:34 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
[2012/08/03 17:00:30 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 18:51:12 | 000,495,880 | ---- | M] () -- C:\Documents and Settings\Kacie and Brad\My Documents\cc_20120802_185102.reg
[2012/08/02 17:55:23 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Kacie and Brad\Application Data\mbam.context.scan
[2012/08/01 18:37:25 | 000,000,272 | ---- | M] () -- C:\{07ABBA21-91BA-4079-9ED3-B809D4C15320}
[2012/07/22 16:30:43 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\Kacie and Brad\default.pls

========== Files Created - No Company Name ==========

[2012/08/10 17:48:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/10 17:48:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/10 17:32:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/10 17:32:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/10 17:32:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/10 17:32:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/10 17:32:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/05 18:31:30 | 000,713,253 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/08/05 16:20:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2012/08/05 16:20:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2012/08/05 16:18:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2012/08/05 16:04:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01009.Wdf
[2012/08/05 16:03:34 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
[2012/08/05 16:00:00 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/03 16:56:58 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 18:51:04 | 000,495,880 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\My Documents\cc_20120802_185102.reg
[2012/08/02 17:55:23 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\mbam.context.scan
[2012/08/01 18:37:25 | 000,000,272 | ---- | C] () -- C:\{07ABBA21-91BA-4079-9ED3-B809D4C15320}
[2012/03/13 15:15:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2012/03/13 15:15:22 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/12/31 12:22:40 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\.backup.dm
[2011/12/16 19:10:41 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2011/12/16 19:10:40 | 000,000,204 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2011/12/08 06:48:22 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2011/12/08 06:48:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2011/12/08 06:48:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2011/11/21 13:52:24 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
[2011/11/07 08:27:50 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\SMRResults210.dat
[2010/10/03 02:42:30 | 008,665,685 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\Justin Bieber - Never Say Never ft Jaden Smith.zip
[2008/10/31 17:44:35 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\jagex_runescape_preferences.dat
[2008/10/10 16:41:30 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/11/01 07:18:44 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\default.pls
[2007/10/30 18:01:10 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/30 17:15:22 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Kacie and Brad\Application Data\wklnhst.dat

========== LOP Check ==========

[2012/07/18 18:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2008/06/08 10:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/01/17 16:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2012/03/13 16:14:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/12 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gFj31002gDiMm31002
[2011/11/14 19:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/08/11 15:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/04/30 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Movavi Video Converter 6
[2007/12/31 08:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/24 18:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2010/09/01 19:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/02/17 17:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/08/05 14:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2011/10/31 17:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/09/06 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/08/05 14:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/08/05 15:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2007/10/23 23:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/12/28 20:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/01/04 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/06/30 19:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/05 18:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/15 09:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/04/10 12:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\BitZipper
[2011/09/13 07:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\DocumentsToGoDesktop
[2012/08/05 14:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\DriverCure
[2011/01/22 08:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\fhnetwork.com
[2012/03/01 06:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\FrostWire
[2008/05/18 15:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Leadertech
[2010/12/31 10:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\MOVAVI
[2010/12/31 10:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Movavi Video Converter 10
[2010/12/31 10:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Movavi Video Suite 9
[2011/04/24 07:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\MP3Rocket
[2007/12/31 08:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\NCH Swift Sound
[2008/02/25 19:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Nokia
[2008/02/17 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\PC Suite
[2012/08/05 14:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\PC Utility Kit
[2011/04/09 07:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Publish Providers
[2012/07/18 18:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Replay Media Catcher 4
[2007/12/23 10:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\SlySoft
[2011/04/09 07:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Sony
[2011/04/09 07:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Sony Setup
[2012/08/05 14:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\SpeedMaxPc
[2012/08/05 15:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\SpeedyPC Software
[2007/10/30 17:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Template
[2012/08/05 18:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\TestApp
[2010/10/22 17:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\Tific
[2008/01/08 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\tmp
[2010/12/28 20:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\TomTom
[2012/08/12 08:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kacie and Brad\Application Data\uTorrent

========== Purity Check ==========



< End of report >

#8 Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Hi. :)
Here are some links to some free antivirus programs:

Note: Only run one antivirus program on your computer at any one time!

I personally like and use Microsoft Security Essentials because it is light on system resources and I like the clean, simple interface.


Step 1

Please uninstall the following program via Control Panel > Add/Remove Programs (if present):

  • uTorrent

I recommend you uninstall your P2P program, uTorrent. P2P programs are bad because shared files can contain security risks such as viruses, spyware and other unwanted software. The files distributed on these sites are packed with malware and are distributed all over the internet. You don't know where they have been; someone could have infected the files with malware.


Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.



Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4063963471-3319270732-2739231535-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2011/04/12 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gFj31002gDiMm31002
    
    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=- 
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    :Files
    C:\Documents and Settings\All Users\Application Data\gFj31002gDiMm31002
    ipconfig /flushdns /c
    
    :Commands 
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

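The OTL fix in the post above does three kinds of thing: it removes the Internet Explorer policy keys reported as O6/O7 entries (Restrictions and Control Panel under HKLM and under each user hive), deletes the XMLHTTP_UUID_Default value from the IE Main key of the system hives, and removes the randomly named folder gFj31002gDiMm31002 from All Users\Application Data before flushing the DNS cache. The PowerShell script below is an added, read-only audit that is not part of Nedklaw's instructions or of the OTL tool: it checks the same locations so you can confirm after the reboot that they are gone, and it changes nothing. The registry paths and the folder name are taken from the fix script; the folder location assumes the Windows XP profile layout (on Vista and later use $env:ProgramData instead), and it should be run from an administrator account so the other users' hives under HKEY_USERS are readable.

```powershell
# Added audit script (not from the original post or from OTL): reports, without
# changing anything, whether the items the OTL fix targets are still present.
# Run as an administrator so every loaded hive under HKEY_USERS is readable.

# Map HKEY_USERS as a drive; PowerShell only maps HKLM: and HKCU: by default.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Hives to inspect: the machine hive plus every currently loaded user hive
# (.DEFAULT, S-1-5-18/19/20 and the logged-on users), matching the O6/O7 lines.
$hives = @('HKLM:\') + @(Get-ChildItem 'HKU:\' |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "HKU:\$($_.PSChildName)\" })

# Policy keys removed by the O6/O7 entries. Normal installs rarely create these;
# malware uses them to lock IE settings and block sites such as Microsoft's.
$policyKeys = @(
    'Software\Policies\Microsoft\Internet Explorer\Restrictions',
    'Software\Policies\Microsoft\Internet Explorer\Control Panel'
)

$findings = @(foreach ($hive in $hives) {
    foreach ($sub in $policyKeys) {
        $path = $hive + $sub
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            [pscustomobject]@{
                Item   = 'IE policy key'
                Where  = $path
                Detail = ($key.GetValueNames() -join ', ')
            }
        }
    }
    # The :Reg section of the fix deletes this value from the IE Main key.
    $main  = $hive + 'Software\Microsoft\Internet Explorer\Main'
    $value = Get-ItemProperty -LiteralPath $main -Name 'XMLHTTP_UUID_Default' `
                              -ErrorAction SilentlyContinue
    if ($value) {
        [pscustomobject]@{
            Item   = 'XMLHTTP_UUID_Default'
            Where  = $main
            Detail = $value.XMLHTTP_UUID_Default
        }
    }
})

# The :Files section deletes this randomly named All Users folder.
# Assumption: Windows XP layout; on Vista and later substitute $env:ProgramData.
$lopDir = Join-Path $env:ALLUSERSPROFILE 'Application Data\gFj31002gDiMm31002'
if (Test-Path -LiteralPath $lopDir) {
    $count = (Get-ChildItem -LiteralPath $lopDir -Force | Measure-Object).Count
    $findings += [pscustomobject]@{
        Item   = 'LOP folder'
        Where  = $lopDir
        Detail = "$count entries"
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'Nothing from the OTL fix list is present.'
}
```

A clean run prints the single "Nothing from the OTL fix list is present." line. Any row in the table means the corresponding OTL fix line either did not run or the item was recreated at startup, which on this kind of infection usually points to a still-active component that re-applies the IE policies on every boot, and is worth reporting back in the thread along with the OTL fix log.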

#9 Nedklaw (Trusted Helper, Malware Removal, 1,652 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.