arestocrat virus/malware/spyware [Closed]

#1 seadawg0000 (New Member)

This is a follow-up to the earlier discussion re: Arestocrat. I have the same problem as "cdredmond", but am unable to access my system by Safe Mode, Earlier Configuration, or Safe Mode with Networking. My Dell Laptop, running Windows XP, will boot up, but before I can access any other applications an "extortion" screen takes over and I am unable to go anywhere after that. The "extortion screen" is a full-size window that says you have to pay a release fee of $300 via MoneyPak.

Shortly before this first occurred, I received an alert from my Norton antivirus that it had blocked a "beaver baptist" Java attack.

#2 gringo_pr (Trusted Helper, Malware Removal)

Hello seadawg0000

Let's see if we can get this to run.

  • Download OTLPE from either location and save it to your desktop:

    http://oldtimer.geek...om/OTLPEStd.exe
    http://ottools.noahd...et/OTLPEStd.exe
  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPE Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click the [image] button to start the burn process
  • You will see a dialog "Operation successfully completed"
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first

    Note: For information, click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press "OK"
  • OTL should now start.
  • Push the [image] button
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your next reply.

Gringo

#3 seadawg0000 (Topic Starter)

OTL logfile created on: 4/3/2013 11:16:13 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 44.90 Gb Free Space | 40.19% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2008/02/01 13:15:02 | 001,251,720 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/02/13 22:47:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/06/29 13:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 13:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2005/08/30 18:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (vpnva)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (CSVirtA)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/03/21 21:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/26 10:17:26 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130402.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/26 10:17:26 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130402.003\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/13 16:40:57 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/09/13 16:40:57 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/09/12 15:27:58 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130330.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/06/12 15:03:48 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\N360\0502020.003\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\N360\0502020.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0502020.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0502020.003\Ironx86.SYS -- (SymIRON)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/24 18:27:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2007/02/13 22:01:54 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/30 11:08:32 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/06/14 00:56:34 | 000,155,264 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/09 22:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/20 18:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 18:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/28 14:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/05 01:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/22 10:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/10 10:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/03 13:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/28 21:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/15 19:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/01 17:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 19:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/04/06 10:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/01/06 14:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2002/09/20 15:15:42 | 000,472,396 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://localhost:9100/proxy.pac

IE - HKU\David_D_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\David_D_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\David_D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\David_D_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.6a:
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1:
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/01 22:01:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2013/04/03 10:00:54 | 000,000,000 | ---D | M]

[2010/12/22 10:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David D\Application Data\Mozilla\Firefox\Profiles\n5x9yaqd.default\extensions
[2010/12/22 10:03:36 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\David D\Application Data\Mozilla\Firefox\Profiles\n5x9yaqd.default\extensions\[email protected]
[2007/11/20 14:23:41 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\David D\Application Data\Mozilla\Firefox\Profiles\n5x9yaqd.default\extensions\[email protected]
[2010/06/26 12:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 15:09:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\GOOGLE\WEB ACCELERATOR\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/06/11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\David_D_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\David_D_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\David_D_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\David_D_ON_C..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\David D\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\David D\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\David_D_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.corp.epa...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://in2books.web...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/13 18:00:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3ecd71bc-bd0d-11db-a7ba-001641b52b99}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{61b4e712-c542-11dc-adde-001641b52b99}\Shell - "" = AutoRun
O33 - MountPoints2\{61b4e712-c542-11dc-adde-001641b52b99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61b4e712-c542-11dc-adde-001641b52b99}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAAV/CAInstallationMenu.html
O33 - MountPoints2\{8697a8e2-d849-11dd-b18c-001641b52b99}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{e896cfc1-bb7f-11db-87f9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e896cfc1-bb7f-11db-87f9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e896cfc1-bb7f-11db-87f9-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 16:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2013/04/02 16:03:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2013/03/25 18:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/25 18:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/24 14:46:44 | 000,047,104 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escimgn.dll
[2013/03/24 14:46:44 | 000,047,104 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escimgd.dll
[2013/03/24 14:46:44 | 000,035,840 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwian.dll
[2013/03/24 14:46:44 | 000,032,256 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiad.dll
[2013/03/24 14:46:44 | 000,032,256 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiab.dll
[2013/03/24 14:46:44 | 000,027,648 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escimg.dll
[2013/03/24 14:46:43 | 000,086,016 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\Epfb5cpl.dll
[2013/03/24 14:46:43 | 000,033,280 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esccm.dll
[2013/03/24 14:46:43 | 000,023,552 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esccmn.dll
[2013/03/24 14:46:43 | 000,022,528 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esccmd.dll
[2013/03/24 14:46:41 | 000,053,248 | ---- | C] (SEIKO EPSON Corp.) -- C:\WINDOWS\System32\ESICM.dll
[2013/03/24 14:46:40 | 000,184,320 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\ESDTR.dll
[2013/03/24 14:46:40 | 000,126,976 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\Esint23.dll
[2013/03/24 14:46:40 | 000,090,112 | ---- | C] (SEIKO EPSON CORP) -- C:\WINDOWS\System32\epcomdd.dll
[2013/03/24 14:46:40 | 000,077,824 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\Esintpl.dll
[2013/03/24 14:46:07 | 000,000,000 | ---D | C] -- C:\epson
[2013/03/24 10:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David D\My Documents\Bluetooth
[2013/03/24 10:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David D\My Documents\Misc Folders
[2013/03/23 15:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/03/23 15:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/22 16:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David D\My Documents\Methodology
[2013/03/22 16:51:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David D\My Documents\Dropbox
[2013/03/22 16:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/03/22 16:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David D\Start Menu\Programs\Dropbox
[2013/03/22 16:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David D\Application Data\Dropbox
[2013/03/22 11:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData
[2013/03/22 08:57:13 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/22 08:57:13 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2008/04/15 14:01:26 | 000,389,120 | ---- | C] (IBM Corporation) -- C:\Documents and Settings\David D\stas75_20060810.0001.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/03 10:02:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/03 10:01:55 | 000,242,713 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/04/03 10:00:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2013/04/03 10:00:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/03 09:35:17 | 000,242,713 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/04/03 08:56:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/03 08:52:41 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A35C8703-4803-4983-8CC0-72D1B1893EE8}.job
[2013/04/02 17:33:45 | 000,508,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/02 17:33:44 | 000,091,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/02 16:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2013/04/02 15:20:28 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/02 15:18:23 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/02 15:08:11 | 000,056,600 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/04/02 12:55:06 | 000,037,695 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\micropact prg mgr PMO.pdf
[2013/04/02 12:19:05 | 000,023,292 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Aerolink FBI Prog.pdf
[2013/04/02 12:05:20 | 000,055,226 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\ARC Sr Project Mgr.pdf
[2013/04/01 15:35:19 | 000,042,930 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\CEB Sr Dir Mrkt and Prog Mgt.pdf
[2013/04/01 12:32:14 | 000,030,793 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Symantec Consulting PM.pdf
[2013/03/30 16:46:10 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\MS Word 2003.lnk
[2013/03/28 10:13:54 | 000,059,307 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Caradigm - Sr Prg Mgr Intel Platform.pdf
[2013/03/28 10:07:08 | 000,047,939 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Lab49 Sr Delivery PM.pdf
[2013/03/26 15:23:54 | 000,027,457 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\SAIC Prg Mgr Sec Def.pdf
[2013/03/25 18:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/25 18:10:54 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/24 17:33:10 | 000,035,182 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\deltek sr pm.pdf
[2013/03/24 16:24:44 | 000,100,887 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Zandergreen-Project-Manager.pdf
[2013/03/24 16:23:49 | 000,034,031 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Gannett PMP Gannett Digital.pdf
[2013/03/24 15:03:16 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2013/03/24 15:03:13 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Scanner and Camera Wizard (2).lnk
[2013/03/24 10:08:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/24 10:08:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/23 15:27:37 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2013/03/23 15:27:36 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr
[2013/03/23 15:20:27 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/23 15:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/03/23 14:52:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David D\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/03/23 12:53:00 | 000,109,712 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\ccci Sr PM.pdf
[2013/03/23 12:43:20 | 000,032,963 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\k12 sr pm.pdf
[2013/03/22 20:28:48 | 000,155,136 | ---- | M] () -- C:\Documents and Settings\David D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/22 16:51:16 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Dropbox.lnk
[2013/03/22 16:44:55 | 000,001,052 | ---- | M] () -- C:\Documents and Settings\David D\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/16 15:04:13 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Vz In-Home Agent.lnk
[2013/03/14 03:07:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/14 03:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/02 15:20:26 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/02 15:18:21 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/02 15:08:16 | 000,056,600 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/04/02 12:19:05 | 000,023,292 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Aerolink FBI Prog.pdf
[2013/04/02 12:05:20 | 000,055,226 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\ARC Sr Project Mgr.pdf
[2013/04/02 11:50:05 | 000,037,695 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\micropact prg mgr PMO.pdf
[2013/04/01 15:35:19 | 000,042,930 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\CEB Sr Dir Mrkt and Prog Mgt.pdf
[2013/04/01 12:32:14 | 000,030,793 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Symantec Consulting PM.pdf
[2013/03/28 10:13:54 | 000,059,307 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Caradigm - Sr Prg Mgr Intel Platform.pdf
[2013/03/28 10:07:08 | 000,047,939 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Lab49 Sr Delivery PM.pdf
[2013/03/26 15:23:54 | 000,027,457 | ---- | C] () -- C:\Documents and Settings\David De\Desktop\SAIC Prg Mgr Sec Def.pdf
[2013/03/24 17:33:10 | 000,035,182 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\deltek sr pm.pdf
[2013/03/24 16:24:44 | 000,100,887 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Zandergreen-Project-Manager.pdf
[2013/03/24 16:23:49 | 000,034,031 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Gannett PMP Gannett Digital.pdf
[2013/03/24 15:03:13 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Scanner and Camera Wizard (2).lnk
[2013/03/23 15:20:27 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/23 12:53:00 | 000,109,712 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\ccci Sr PM.pdf
[2013/03/23 12:43:20 | 000,032,963 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\k12 sr pm.pdf
[2013/03/22 16:51:16 | 000,001,022 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Dropbox.lnk
[2013/03/22 16:44:54 | 000,001,052 | ---- | C] () -- C:\Documents and Settings\David D\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/14 18:17:28 | 000,002,531 | ---- | C] () -- C:\Documents and Settings\David D\Desktop\Vz In-Home Agent.lnk
[2011/02/28 08:18:31 | 000,267,966 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-73586283-725345543-1003-0.dat
[2011/01/26 23:22:13 | 000,267,966 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 13:48:15 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\David D\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/07 13:41:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/12 11:50:48 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\David D\Cache.db
[2010/07/24 08:29:36 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\s-1-5-19.rrr
[2010/07/24 08:29:35 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\s-1-5-20.rrr
[2009/12/24 08:59:30 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\David D\Application Data\setup_ldm.iss
[2009/09/12 20:39:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/09 19:53:38 | 000,056,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/10 13:19:32 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\David D\.recently-used.xbel
[2008/08/08 10:42:38 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/08/08 10:40:58 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600g.ini
[2008/08/08 10:38:21 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600m.ini
[2008/07/29 21:42:34 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\David D\g2mdlhlpx.exe
[2008/07/01 18:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VIU08.INI
[2008/05/28 13:43:19 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\David D\GoToAssistDownloadHelper.exe
[2008/03/04 15:03:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/15 18:13:28 | 000,001,391 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/16 10:03:25 | 000,001,064 | RH-- | C] () -- C:\Documents and Settings\David D\XrxWm.ini
[2007/10/16 10:03:25 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\David D\xw45cpdy.dyc
[2007/10/03 16:55:01 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2007/10/03 16:52:46 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/10/03 16:49:31 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2007/08/31 14:33:10 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/12 18:47:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David D\Application Data\.googlewebacchosts
[2007/05/04 14:42:36 | 000,000,141 | ---- | C] () -- C:\WINDOWS\asym.ini
[2007/05/04 14:42:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\mtb30.ini
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/25 17:05:26 | 000,016,097 | ---- | C] () -- C:\Documents and Settings\David D\Application Data\Comma Separated Values (Windows).EML
[2007/02/20 17:02:54 | 000,009,723 | ---- | C] () -- C:\Documents and Settings\David D\Application Data\export_microsoft_outlook.csv.3661093.xml
[2007/02/20 17:02:53 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\David D\Application Data\BCMMappings.xml
[2007/02/14 21:09:16 | 000,032,501 | ---- | C] () -- C:\Documents and Settings\David D\Application Data\Comma Separated Values (Windows).ADR
[2007/02/14 00:37:27 | 000,028,211 | ---- | C] () -- C:\Documents and Settings\David D\Application Data\Tab Separated Values (DOS).ADR
[2007/02/13 21:33:02 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/13 21:31:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/13 20:10:21 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\David D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/13 19:52:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/02/13 19:39:06 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/02/13 19:06:41 | 000,242,713 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/02/13 19:06:10 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/02/13 19:06:10 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/02/13 19:06:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/02/13 19:06:06 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/02/13 19:06:05 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/02/13 19:06:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/02/13 19:06:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/02/13 19:05:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/02/13 19:05:56 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/02/13 18:42:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\David D\Local Settings\Application Data\fusioncache.dat
[2007/02/13 18:29:27 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/13 18:03:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/02/13 17:57:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/13 12:45:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/13 12:43:32 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/01 22:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,508,554 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,091,190 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/10/16 16:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\.purple
[2007/02/13 21:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\acccore
[2009/03/20 13:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\DAEMON Tools
[2010/12/22 10:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\DAEMON Tools Lite
[2009/03/20 13:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\DAEMON Tools Pro
[2013/04/03 10:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\Dropbox
[2008/09/30 18:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\FileZilla
[2010/08/01 15:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\GARMIN
[2008/10/10 12:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\gtk-2.0
[2009/10/07 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\ICAClient
[2010/11/28 19:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\Image Zone Express
[2007/03/20 12:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\LinkedIn
[2010/06/26 12:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\MSNInstaller
[2007/02/13 19:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\OfficeUpdate12
[2010/06/06 20:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\Tific
[2008/08/08 15:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\TimeBridge
[2009/08/31 17:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\uTorrent
[2010/06/26 13:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\Viewpoint
[2007/04/04 19:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David D\Application Data\webex
[2013/03/23 15:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/07/28 16:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/04/03 18:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/05/28 13:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/11/24 18:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2007/02/13 19:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2011/06/12 14:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2013/04/03 10:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/26 13:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/29 16:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/20 11:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/06 14:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 13:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 12:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/04/03 08:52:41 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A35C8703-4803-4983-8CC0-72D1B1893EE8}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
< End of report >
  • 0

#4
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello seadawg0000

I would like you to run this custom script for me now, and when it is complete, please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the text box.
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [IETI] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
    O18 - Protocol\Filter\x-sdch - No CLSID value found
    [2013/04/02 15:20:28 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
    [2013/04/02 15:18:23 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
    [2013/04/02 15:08:11 | 000,056,600 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
    
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note: if the report does not pop up after the computer reboots, you can find it in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing.

Gringo
  • 0
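The three loose files under All Users\Application Data that the fix above moves (1.bmp, 1.jpg, DisplaySwitch.exe) can be picked out of an OTL listing mechanically. The following is an added example, not code from this thread or from OTL: a parser for OTL's file-listing lines and the triage rule the helper applied by eye (recently created or modified, no company name in the version info, or loose in a shared data root). The sample lines, the report date and the 14-day window are constructed assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in OTL's file-listing format; shape and paths follow the
# log posted above. The "*.tmp files" summary is emitted by OTL but is not a
# file entry, so the parser must skip it.
SAMPLE_LOG = r"""
[2013/04/02 15:20:26 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/02 15:18:21 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/02 15:08:16 | 000,056,600 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/03/24 10:08:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/22 08:57:13 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/22 16:51:16 | 000,001,022 | ---- | M] () -- C:\Documents and Settings\David D\Desktop\Dropbox.lnk
[2008/07/29 21:42:34 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\David D\g2mdlhlpx.exe
[2013/03/22 16:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David D\Application Data\Dropbox
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# Assumption: the log was taken on 2013/04/03 (latest timestamp in the thread's log).
REPORT_TIME = datetime(2013, 4, 3, 10, 2, 6)

# [date time | size | attrs | C or M] (company) -- path ; company part is absent on directory lines
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Shared data roots where legitimate software creates a subfolder, not loose files.
SHARED_DATA_ROOTS = (
    r"c:\documents and settings\all users\application data",
    r"c:\programdata",
)
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str                 # e.g. "---D" directory, "-H--" hidden, "--S-" system
    kind: str                  # "C" = created, "M" = modified
    company: Optional[str]     # "" when OTL printed "()", None on directory lines
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for headers, summaries and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def is_suspicious(e: Entry, report_time: datetime = REPORT_TIME,
                  window: timedelta = timedelta(days=14)) -> bool:
    """Triage rule: recent file that is executable without a company name, or
    that sits loose in a shared data root. Selects items for review, not proof."""
    if e.is_dir or e.timestamp < report_time - window:
        return False
    ext = ntpath.splitext(e.path)[1].lower()
    parent = ntpath.dirname(e.path).lower()
    unsigned_exec = not e.company and ext in EXEC_EXTENSIONS
    loose_in_shared_root = parent in SHARED_DATA_ROOTS
    return unsigned_exec or loose_in_shared_root


def suspicious_paths(text: str, report_time: datetime = REPORT_TIME) -> List[str]:
    return [e.path for e in parse_log(text) if is_suspicious(e, report_time)]


if __name__ == "__main__":
    for path in suspicious_paths(SAMPLE_LOG):
        print("review:", path)
```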

#5
seadawg0000
    New Member
  • Topic Starter
  • Member
  • Pip
  • 4 posts
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IETI deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\David_D_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\David_D_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\David_D_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\1.bmp moved successfully.
C:\Documents and Settings\All Users\Application Data\1.jpg moved successfully.
C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[emptyjava] > in the current context!

[EMPTYFLASH]

User: All Users

User: David D
->Temp folder emptied: 5106624 bytes
->Temporary Internet Files folder emptied: 14516804 bytes
->Java cache emptied: 58962662 bytes
->FireFox cache emptied: 3165461 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1523881 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49621 bytes

Total Flash Files Cleaned = 80.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 04032013_175715
  • 0

#6
seadawg0000
    New Member
  • Topic Starter
  • Member
  • Pip
  • 4 posts
I am now able to boot up the laptop; so far, no "extortion screen". I did get some alerts that Windows suffered a severe error, but I canceled those out. I am now running a full scan of Norton to see if it triggers on anything.
  • 0

#7
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello seadawg0000


These are the programs I would like you to run next; if you have any problems with one of them, just skip it and move on to the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
  • 0

#8
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo
  • 0

#9
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#10
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0