TDSS and Fake Security, have I cleaned it?

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

TDSS and Fake Security, have I cleaned it? Symptoms are mostly gone, but is it really clean

#1 ppctx

New Member

Group: Members
Posts: 4
Joined: 29-July 11

Posted 29 July 2011 - 09:37 PM

TDSS and Fake Security Virus, am I clean? Please tell me if I'm out of line or not following standards for posting.

My issues seem to be resolved but after reading up on some of the nasties that are out and having gotten into a bit of it, it would be so cool if someone could give me a check to see if I’m cured or just fixed some symptoms. I can't believe Bleeping doesn't pre-charge for the assistance you provide.

Operating System and Tools Recently Used
WindowsXP SP3 using Classic Start menu
TDSSKiller
Malwarebytes’
Unhide
DeFogger - CD Emulation OFF

Major Acute Symptoms I Recall
All icons and folders hidden
Only IE8 and Outlook shortcuts found in Start>Programs
Windows Task Manager was disabled by Administrator
Didn’t try IE as I pulled the HD for scanning in another computer quickly
After cleaning, Open Last Browsing Session was grayed out in IE

How it started (to the best of my knowledge)
About a month ago, what I believe was the Fake Security Virus popped up on my screen telling me I was in all sorts of danger. Spent a day or two, but found an application that was supposed to rid me of the issue. All problems seemed to have been cleared up. Then the (quasi virus) Norton Internet Security started warning me about 25 day ago, every startup, that my subscription was about to expire and I needed to renew. Being the procrastinator I am, I keep putting off looking for the best security suite available. Come down to the final day of subscription and poof, all mayhem broke loose. What I think was the Fake Security popped up. I did a quick Google on security alternatives, found Avast was getting good review, downloaded it, halfway thru install setup, computer said it needed to restart and did. Upon reboot, it just kept cycling thru reboot and not quite making it to the Windows Logo. Pulled the HD and scanned it on another computer via Avast. Not sure if these are from logs of Avast or something completely unrelated but from a couple of txt file in the C drive, BcBtRmv.txt > Deleted file: C:WINDOW\SYSTEM32\DRIVERS\BCBTHUB.SYS. There are two other txt, ApInsTmp.txt and bcmwl5.txt, both contain text [InstallShield Silent], Version=V7.00 for one, V6.00 for the other. Another thing I found by browsing my files, C:\Documents and Settings\All Users\Application Data\ P1kAlMiG2Kb7Fz. After that I used TDSSKiller, from the log, Rootkit.Boot.SST.a – Cured. Put HD back in original pc. Above symptom were then found. Some more Googling produce resolutions to all these know issues. Ran Malwarebytes’ and it deleted
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

dds.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Shannon at 19:20:01 on 2011-07-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.734 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\shannon\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [VVpKbUACvhuU] c:\documents and settings\all users\application data\VVpKbUACvhuU.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)" -"http://www.yukyuk.com/yy_johnnyskank.shtml"
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: accessallstate.com
Trusted Zone: allstate.com
Trusted Zone: allstate.com\agencygateway
Trusted Zone: allstate.com\agencygateway1
Trusted Zone: allstate.com\agencygateway2
Trusted Zone: allstate.com\allianceweb
Trusted Zone: allstate.com\mymail
Trusted Zone: allstatehelp.com
Trusted Zone: custhelp.com
Trusted Zone: gotoassist.com
Trusted Zone: insmark.com
Trusted Zone: insmark.us
Trusted Zone: insmarkstore.com
Trusted Zone: sumtotalsystems.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198947594312
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3D1B7158-C214-4303-8B7E-013116707FB0} : DhcpNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\508\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-27 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-27 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-27 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-27 42184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-17 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-17 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-16 136176]
S3 cpuz132;cpuz132;\??\c:\docume~1\shannon\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\shannon\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-16 136176]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-17 41272]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2010-1-12 217088]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-28 00:24:26 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-28 00:24:14 40112 ----a-w- c:\windows\avastSS.scr
2011-07-28 00:24:05 -------- d-----w- c:\program files\AVAST Software
2011-07-28 00:24:05 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-07-27 02:23:12 -------- d-sh--w- C:\found.000
2011-07-26 00:54:30 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-17 14:31:02 -------- d-----w- c:\documents and settings\shannon\application data\Adobe Mini Bridge CS5
2011-07-17 14:31:01 -------- d-----w- c:\documents and settings\shannon\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
.
==================== Find3M ====================
.
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 15:06:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
1999-10-31 02:54:32 561152 ----a-w- c:\program files\Convert.exe
.
============= FINISH: 19:21:29.51 ===============

Attached File(s)

attach.txt (18.05K)
Number of downloads: 2
Ark.txt (124.17K)
Number of downloads: 0

#2 Noviciate

Forum Addict

Group: Malware Response Team
Posts: 3,676
Joined: 01-November 05
Gender:Male
Location:Numpty HQ

Posted 30 July 2011 - 04:18 PM

Good evening.

Pay a visit to the ESET Online Scanner.

Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
Click the Run ESET Online Scanner button in the new window.
If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
When you see the Computer Scan Settings window, you will need to make the following changes:
- UNCHECK Remove found threats - this is important.
- Check Scan archives
- Click on Advanced settings
- Check Scan for potentially unsafe applications
Once ready, click Start to begin - not a surprise really!
The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
Click List of found threats and then Export to text file... and save the log somewhere convenient.
You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also let me know how the PC is behaving.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download OTL by OldTimer from here and save it to your Desktop.

Double click the tool to run it.
Click the Quick Scan button and allow it to do it's thing.
Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
It should also save copies in the same location as OTL.
I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Quote

I can't believe Bleeping doesn't pre-charge for the assistance you provide.

If it will make you fell any happier, please feel free to PM me your credit card details - i'll look after them, honest! :whistle:

Team Numpty - Poking a finger in the eye of malware since a week last Thursday!

#3 ppctx

New Member

Group: Members
Posts: 4
Joined: 29-July 11

Posted 31 July 2011 - 07:46 AM

PC behaves fine. Only noticeable annoyance is the IE menu bar and the bar that open pages are on is black, doesn’t have text, but still functions via hunt and peck to find the right drop down. I’m most worried about things, nasties, running in the background. Wow, posting all the inners of my puter feels like I'm letting the world look in my underwear drawer.

ESET Online Scan
C:\Documents and Settings\Shannon\Application Data\Sun\Java\Deployment\cache\6.0\10\efcba0a-4f015c65 Java/Exploit.CVE-2009-3867.AJ trojan
C:\Documents and Settings\Shannon\Application Data\Sun\Java\Deployment\cache\6.0\17\6486e391-25d7233e Java/Exploit.Agent.NAA trojan
C:\Documents and Settings\Shannon\Desktop\1gb\Validation\WPatcher\WPATCHERP5575987.RAR a variant of Win32/PSWTool.RAS.A application <<< Junk File

OTL Logfile
OTL logfile created on: 7/31/2011 7:12:38 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Shannon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 22.92% Memory free
3.85 Gb Paging File | 2.51 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 60.95 Gb Free Space | 54.52% Space Free | Partition Type: NTFS
Drive D: | 111.78 Gb Total Space | 26.13 Gb Free Space | 23.38% Space Free | Partition Type: NTFS
Drive F: | 4.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DV9500T | User Name: Shannon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/31 07:11:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon\Desktop\OTL.scr
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/29 18:22:28 | 000,638,976 | R--- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2001/10/08 13:59:36 | 000,049,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Fast.exe
PRC - [2001/10/08 13:59:36 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe

========== Modules (SafeList) ==========

MOD - [2011/07/31 07:11:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon\Desktop\OTL.scr
MOD - [2011/07/04 06:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/12 18:24:20 | 000,217,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2008/05/27 11:12:22 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2001/10/08 13:59:36 | 000,049,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\Fast.exe -- (InteractiveLogon)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/25 00:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/02/05 09:45:18 | 000,202,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/17 07:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 07:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007/12/05 17:30:36 | 004,632,576 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/10/31 19:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/16 22:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/01/29 18:26:24 | 000,984,832 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/12/22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/29 10:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Shannon\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Shannon\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Shannon\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Shannon\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker

O1 HOSTS File: ([2010/09/20 18:10:56 | 000,001,251 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [VVpKbUACvhuU] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O15 - HKCU\..Trusted Domains: accessallstate.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([agencygateway] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([agencygateway1] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([agencygateway2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([allianceweb] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstate.com ([mymail] * in Trusted sites)
O15 - HKCU\..Trusted Domains: allstatehelp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: custhelp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: gotoassist.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: insmark.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: insmark.us ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: insmarkstore.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sumtotalsystems.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198947594312 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/29 03:06:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (>) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 07:11:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shannon\Desktop\OTL.scr
[2011/07/31 05:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/29 19:07:11 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Shannon\Desktop\dds.scr
[2011/07/28 19:03:40 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Shannon\Desktop\TDSSKiller.exe
[2011/07/28 19:00:37 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shannon\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/27 21:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon\Application Data\vlc
[2011/07/27 21:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/27 20:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon\Application Data\HotSync
[2011/07/27 20:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/07/27 19:24:27 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/27 19:24:27 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/27 19:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/27 19:24:26 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/27 19:24:26 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/27 19:24:26 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/27 19:24:26 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/27 19:24:26 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/27 19:24:26 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/27 19:24:14 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/27 19:24:14 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/27 19:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/27 19:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/26 21:23:12 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/07/26 18:34:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Shannon\Recent
[2011/07/25 19:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/25 19:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon\Start Menu\Programs\System Repair
[2011/07/17 09:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon\Application Data\Adobe Mini Bridge CS5
[2011/07/17 09:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/16 12:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon\Desktop\Craigslist
[2011/07/10 08:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shannon\Desktop\Client Bridged - DD-WRT Wiki_files
[2007/12/30 17:00:10 | 000,561,152 | ---- | C] (Joshua F. Madison) -- C:\Program Files\Convert.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/31 07:11:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shannon\Desktop\OTL.scr
[2011/07/31 07:09:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-484763869-839522115-1003UA.job
[2011/07/31 06:45:03 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/31 05:29:12 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2011/07/31 05:13:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/31 04:54:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/31 04:54:36 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/31 04:54:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/30 08:24:01 | 000,057,148 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\F87D74D82DB6557FC7BFAD6DCCE3CFF2B7B738DD.torrent
[2011/07/30 08:22:36 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\FinalGear.com Shows Top Gear Season 14.url
[2011/07/29 19:07:14 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Shannon\Desktop\dds.scr
[2011/07/29 18:26:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Shannon\defogger_reenable
[2011/07/29 18:25:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\Defogger.exe
[2011/07/28 22:09:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-484763869-839522115-1003Core.job
[2011/07/28 19:00:41 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shannon\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/28 18:42:24 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\Virus Cleaned - All files, folders HIDDEN SYSTEM - SOLVED! - PCMech Forums (2).url
[2011/07/28 18:28:49 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\Enable_IE8_Reopen_Last_Browsing_Session.reg
[2011/07/27 20:59:56 | 000,000,094 | ---- | M] () -- C:\WINDOWS\family.ini
[2011/07/27 20:43:53 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\YouTube - Frank Leto's Ladybug Ladybug Song.url
[2011/07/27 20:12:39 | 000,000,375 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\Solution for missing start menu shortcuts - PCMech Forums.url
[2011/07/27 20:12:14 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\Virus Cleaned - All files, folders HIDDEN SYSTEM - SOLVED! - PCMech Forums.url
[2011/07/27 19:50:39 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\unhide.exe
[2011/07/27 19:24:27 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/25 19:43:25 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/07/25 19:43:25 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/07/25 19:43:19 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/07/21 21:06:54 | 003,621,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/21 17:33:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/20 23:09:02 | 000,550,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/20 23:09:02 | 000,107,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\gmer.exe
[2011/07/11 16:58:52 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Shannon\Desktop\TDSSKiller.exe
[2011/07/10 10:20:06 | 000,206,162 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\fios3.JPG
[2011/07/10 08:18:46 | 000,015,506 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\Client Bridged - DD-WRT Wiki.htm
[2011/07/07 21:13:45 | 000,206,825 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\fios2.JPG
[2011/07/07 21:08:18 | 000,418,598 | ---- | M] () -- C:\Documents and Settings\Shannon\Desktop\RainBird ESP-8Si.pdf
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 06:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 06:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 06:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 06:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 06:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 08:24:07 | 000,057,148 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\F87D74D82DB6557FC7BFAD6DCCE3CFF2B7B738DD.torrent
[2011/07/30 08:22:36 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\FinalGear.com Shows Top Gear Season 14.url
[2011/07/29 19:30:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\gmer.exe
[2011/07/29 18:26:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Shannon\defogger_reenable
[2011/07/29 18:25:00 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\Defogger.exe
[2011/07/28 18:28:57 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\Enable_IE8_Reopen_Last_Browsing_Session.reg
[2011/07/27 20:59:56 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2011/07/27 20:12:38 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\Solution for missing start menu shortcuts - PCMech Forums.url
[2011/07/27 20:12:24 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\Virus Cleaned - All files, folders HIDDEN SYSTEM - SOLVED! - PCMech Forums (2).url
[2011/07/27 20:12:13 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\Virus Cleaned - All files, folders HIDDEN SYSTEM - SOLVED! - PCMech Forums.url
[2011/07/27 20:10:28 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2011/07/27 20:10:28 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/07/27 20:10:28 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Sansa Media Converter.lnk
[2011/07/27 20:10:28 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerToy Calculator.lnk
[2011/07/27 20:10:28 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/27 20:10:28 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/27 20:10:28 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk
[2011/07/27 20:10:28 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Convert.lnk
[2011/07/27 20:10:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/27 20:10:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/07/27 20:10:26 | 000,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011/07/27 20:10:26 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/27 20:10:26 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/27 19:50:37 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\unhide.exe
[2011/07/27 19:24:27 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/25 19:43:25 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/07/25 19:43:25 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/07/25 19:43:19 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/07/25 19:00:50 | 000,200,782 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\ubase410.ddb
[2011/07/22 22:04:47 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-484763869-839522115-1003UA.job
[2011/07/22 22:04:47 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-484763869-839522115-1003Core.job
[2011/07/21 17:31:51 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/07/10 10:20:05 | 000,206,162 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\fios3.JPG
[2011/07/10 08:18:39 | 000,015,506 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\Client Bridged - DD-WRT Wiki.htm
[2011/07/07 21:13:45 | 000,206,825 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\fios2.JPG
[2011/07/07 21:08:18 | 000,418,598 | ---- | C] () -- C:\Documents and Settings\Shannon\Desktop\RainBird ESP-8Si.pdf
[2011/06/19 08:12:45 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0609.old
[2011/06/19 07:06:26 | 000,018,642 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h5j433t77k
[2011/06/19 07:06:25 | 000,018,642 | -HS- | C] () -- C:\Documents and Settings\Shannon\Local Settings\Application Data\h5j433t77k
[2011/01/04 17:19:57 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Shannon\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/04 17:14:55 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/28 14:44:01 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/28 07:32:38 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv
[2010/11/18 19:38:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/18 19:38:15 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/18 19:38:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/18 19:31:23 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/09/12 10:24:16 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2010/09/12 10:24:09 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/09/05 16:55:03 | 000,018,064 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/21 07:40:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 09:32:00 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/11/08 10:46:47 | 000,000,437 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2009/01/27 20:52:49 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/07 10:15:34 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/07/16 14:35:28 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/29 21:50:16 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Shannon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 05:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/01/24 03:33:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/04 19:59:45 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Shannon\Local Settings\Application Data\fusioncache.dat
[2007/12/30 16:49:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/29 11:51:23 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/12/29 03:54:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/12/29 03:37:57 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/12/29 03:11:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/12/29 03:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/12/28 20:52:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/28 20:51:46 | 003,621,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:56:44 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 00:56:44 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 00:56:44 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 00:56:44 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 00:56:44 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/29 10:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2001/10/08 14:24:26 | 000,148,544 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/10/08 13:59:50 | 000,198,720 | ---- | C] () -- C:\WINDOWS\System32\timershot.exe
[2001/10/08 13:59:46 | 000,016,960 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2001/10/08 13:59:40 | 000,222,784 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2001/10/08 13:59:36 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2001/08/23 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 06:00:00 | 000,550,698 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 06:00:00 | 000,107,230 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1998/10/02 12:02:46 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\Opcenum.exe
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/07/27 19:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/12/04 13:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009/09/13 17:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/09/12 10:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2010/10/15 18:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/07/25 19:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/19 12:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/03/23 10:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
[2011/06/19 08:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/27 18:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/30 09:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\Azureus
[2010/11/24 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\BitComet
[2010/09/04 20:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/12 10:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\CheckPoint
[2010/10/31 07:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\CometPlayer
[2011/02/08 19:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\FileZilla
[2011/01/22 19:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\FlashFXP
[2009/09/15 20:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\GARMIN
[2010/09/16 20:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\gsak
[2011/07/27 20:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\HotSync
[2009/07/10 18:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\ICAClient
[2011/02/17 19:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\PriceGong
[2008/06/18 08:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\Publish Providers
[2011/07/27 21:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\SanDisk
[2008/06/18 07:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\Sony
[2011/07/17 09:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/31 07:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\TigerPlayer
[2010/12/04 16:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\TwonkyMedia
[2011/07/30 08:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\uTorrent
[2008/06/14 20:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shannon\Application Data\W Photo Studio Viewer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

OTL Extras Logfile
OTL Extras logfile created on: 7/31/2011 7:12:38 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Shannon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 22.92% Memory free
3.85 Gb Paging File | 2.51 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 60.95 Gb Free Space | 54.52% Space Free | Partition Type: NTFS
Drive D: | 111.78 Gb Total Space | 26.13 Gb Free Space | 23.38% Space Free | Partition Type: NTFS
Drive F: | 4.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DV9500T | User Name: Shannon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9030:TCP" = 9030:TCP:*:Enabled:BitComet 9030 TCP
"9030:UDP" = 9030:UDP:*:Enabled:BitComet 9030 UDP
"7921:TCP" = 7921:TCP:*:Enabled:BitComet 7921 TCP(ED2K)
"7921:UDP" = 7921:UDP:*:Enabled:BitComet 7921 UDP(ED2K)
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"21600:TCP" = 21600:TCP:*:Enabled:BitComet 21600 TCP
"21600:UDP" = 21600:UDP:*:Enabled:BitComet 21600 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Documents and Settings\Shannon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Shannon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe" = C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe:*:Enabled:eMule plugin host for BitComet -- (http://www.bitcomet.com)
"C:\Program Files\TwonkyMedia\twonkymediaserver.exe" = C:\Program Files\TwonkyMedia\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer
"C:\Program Files\TwonkyMedia\twonkymedia.exe" = C:\Program Files\TwonkyMedia\twonkymedia.exe:*:Enabled:TwonkyMedia
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B108883-2BEC-481F-BA08-18CF33990687}" = PaperVision Document Viewer Controls
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}" = Powertoys For Windows XP
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CA5E168-E323-4E48-BC1F-07FDEEF26A30}" = CalumSult
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C165C324-8139-4FA5-B99B-3321B4F4C918}" = Go Gateway Install
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F10D7345-AABF-443B-99BB-F2E776DD863D}" = BinViewer 2.0 Personal
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8461-7759-5462-8226" = Vuze
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"avast" = avast! Free Antivirus
"BitComet" = BitComet 1.25
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.5.1
"GoToAssist" = GoToAssist 8.0.0.508
"GSAK_is1" = GSAK 7.6.1.27 (Final)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3B108883-2BEC-481F-BA08-18CF33990687}" = PaperVision Document Viewer Controls
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NMPUninstallKey" = Nero Media Player
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PS3 Media Server" = PS3 Media Server
"Registry Mechanic_is1" = Registry Mechanic 6.0
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = OBD SCAN TECH NISSAN v1.29
"ST6UNST #2" = Nissan Data Scan
"ST6UNST #3" = Nissan Data Scan 1.52
"ST6UNST #4" = LaserBee Power Meter Interface
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TunerPro RT_is1" = TunerPro RT v4.14
"TunerPro_is1" = TunerPro v4.14
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Watcher, a GPX utility_is1" = Watcher 0.2.42
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8779250fc4a54fd4" = KA24DE Launch Control
"dcf01e13c62c2d58" = Go Gateway
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2011 10:21:38 PM | Computer Name = DV9500T | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 4/20/2011 9:32:52 PM | Computer Name = DV9500T | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6866.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2011 5:26:21 PM | Computer Name = DV9500T | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, stamp 48025c30,
faulting module shlwapi.dll, version 6.0.2900.5912, stamp 4b1e1b10, debug? 0, fault
address 0x000592d7.

Error - 5/29/2011 9:10:57 PM | Computer Name = DV9500T | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6866.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2011 12:13:46 AM | Computer Name = DV9500T | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 7/27/2011 9:25:46 PM | Computer Name = DV9500T | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6866.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/26/2011 11:04:56 PM | Computer Name = DV9500T | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/26/2011 11:04:56 PM | Computer Name = DV9500T | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON
SYMTDI
Tcpip

Error - 7/26/2011 11:06:27 PM | Computer Name = DV9500T | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/26/2011 11:06:34 PM | Computer Name = DV9500T | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/26/2011 11:06:36 PM | Computer Name = DV9500T | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/26/2011 11:08:27 PM | Computer Name = DV9500T | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/27/2011 9:16:07 PM | Computer Name = DV9500T | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe"
-Embedding

Error - 7/27/2011 9:16:16 PM | Computer Name = DV9500T | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe"
-Embedding

Error - 7/27/2011 9:16:25 PM | Computer Name = DV9500T | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe"
-Embedding

Error - 7/27/2011 10:04:34 PM | Computer Name = DV9500T | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe"
-Embedding

< End of report >

#4 Noviciate

Forum Addict

Group: Malware Response Team
Posts: 3,676
Joined: 01-November 05
Gender:Male
Location:Numpty HQ

Posted 31 July 2011 - 03:08 PM

Good evening.

Run OTL.exe.

Copy and paste the following into the Custom Scans/Fixes box at the bottom:

Quote
:OTL
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O4 - HKCU..\Run: [VVpKbUACvhuU] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

:Files
C:\Documents and Settings\Shannon\Desktop\1gb\Validation\WPatcher\WPATCHERP5575987.RAR

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Click the Run Fix button at the top.
Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed it's run.

Team Numpty - Poking a finger in the eye of malware since a week last Thursday!

#5 ppctx

New Member

Group: Members
Posts: 4
Joined: 29-July 11

Posted 01 August 2011 - 02:49 AM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\VVpKbUACvhuU deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Shannon\Desktop\1gb\Validation\WPatcher\WPATCHERP5575987.RAR not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 2059776 bytes
->Temporary Internet Files folder emptied: 507786 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 2055800 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Shannon
->Temp folder emptied: 2132256338 bytes
->Temporary Internet Files folder emptied: 474532948 bytes
->Java cache emptied: 91953491 bytes
->Flash cache emptied: 1544158 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3535998 bytes
%systemroot%\System32 .tmp files removed: 461193 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83699037 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 214541069 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 35220471 bytes

Total Files Cleaned = 2,902.00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Shannon
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08012011_021942

Files\Folders moved on Reboot...
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\UBRCF3HU\ads[1].htm moved successfully.
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\UBRCF3HU\comments[1].htm not found!
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\UBRCF3HU\google_com[1].htm moved successfully.
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\UBRCF3HU\like[1].htm not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\UBRCF3HU\like[2].htm not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\UBRCF3HU\like[3].htm not found!
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\UBRCF3HU\search[1].txt moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\UBRCF3HU\search[2].txt moved successfully.
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\adframe[1].htm not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\adframe[2].htm not found!
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\ads[1].htm moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\ads[2].htm moved successfully.
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\kellercitizen[1].htm not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\likebox[1].htm not found!
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\list_7453644_pioneer-elite-vsx_45_tx-specifications[1].html moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\tweet_button[1].html moved successfully.
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\OVBGUQEV\tweet_button[2].html not found!
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\MQANB20W\ads[1].htm moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\MQANB20W\ads[2].htm moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\MQANB20W\ads[5].htm moved successfully.
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\MQANB20W\cheers-and-jeersmay-7[1].htm not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\MQANB20W\ksf-10-5[1].txt not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\MQANB20W\like[1].htm not found!
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\7B92CK3G\sh47[1].html moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\6MCTPWXE\search[1].txt moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\ads[1].htm moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\ads[2].htm moved successfully.
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\Elite+Receivers[1].txt not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\fastbutton[1].htm not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\fastbutton[2].htm not found!
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\likebox[1].htm not found!
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\login_status[2].htm moved successfully.
C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\showthread[1].php moved successfully.
File\Folder C:\Documents and Settings\Shannon\Local Settings\Temporary Internet Files\Content.IE5\1QBPK3W2\topic411998[1].html not found!
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

This post has been edited by ppctx: 01 August 2011 - 03:26 AM

#6 Noviciate

Forum Addict

Group: Malware Response Team
Posts: 3,676
Joined: 01-November 05
Gender:Male
Location:Numpty HQ

Posted 01 August 2011 - 02:19 PM

Good evening.

That seemed to have gone OK - how's the PC behaving now?

Team Numpty - Poking a finger in the eye of malware since a week last Thursday!

#7 ppctx

New Member

Group: Members
Posts: 4
Joined: 29-July 11

Posted 01 August 2011 - 06:52 PM

Thank you, all seems tip top. Did any of the last things you did have any influence on the black favorites bar in IE. If you dont mind, I would like to PM you with a few questions.

#8 Noviciate

Forum Addict

Group: Malware Response Team
Posts: 3,676
Joined: 01-November 05
Gender:Male
Location:Numpty HQ

Posted 02 August 2011 - 02:30 PM

Good evening.

Quote

Did any of the last things you did have any influence on the black favorites bar in IE.

If it's better, then yes, otherwise no. If you are still having issues with it, start a fresh thread here and explain your problem. I figure it's an effect of the nasty and while I can find the nasties themselves, hopefully, you'll be better asking elsewhere to fix their actions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Quote

If you dont mind, I would like to PM you with a few questions.

Post them here if you have them - I don't get involved with help via PM as it can lead to issues.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

***Please close any instances of Internet Explorer before continuing!***

Double-click JavaRa.exe to begin.
Pick your preferred language from the drop-down menu and click Select.
Click on Remove Older Versions to remove older version of Java - obvious really, isn't it!
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.

3) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

Team Numpty - Poking a finger in the eye of malware since a week last Thursday!