
Google Redirecting Problem


  • This topic is locked
7 replies to this topic

#1 z-hawkeye
  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:46 PM

Posted 25 November 2009 - 05:54 PM

Yep, like some others I've found here, I've got the Google redirecting problem when clicking on links after a search. At times, it works correctly...other times, we have to click on it 2-4 times before reaching the correct destination. They don't appear to be "bad" sites, but rather other search sites (mostly)...when the new window opens, I can see the correct address briefly, then it changes to another address and usually another address before anything loads. I've tried most of the popular spyware removal tools...attempted to catch something with MS Process Explorer, Process Monitor, File Monitor and ExeHound, but, no luck. Downloaded Norton Antivirus 2010 and while it found things that the spyware programs did not, it wasn't enough. I attempted a Kaspersky scan, but I'm not sure what happened...it took forever and I couldn't get a report. I've run the required scans, but after the RootRepeal scan, I received a warning window that stated, "Warning - the number of SSDT entries from the kernel and the number on-disk are different (297 and 284)." I will greatly appreciate any information or help as I've exhausted all my resources (basically, I've crashed and burned!). Here are my scan logs:


DDS (Ver_09-11-24.02) - NTFSx86
Run by Owner at 17:26:00.15 on Wed 11/25/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.696 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\our programs\spyware\spybot\spybot - search & destroy\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.0.0.136\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Spyware Begone] "c:\spywarebegone\SpywareBeGone.exe" -FastScan
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\2z91xtqb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\my stuff\firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\my stuff\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1101000.013\SymDS.sys [2009-11-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1101000.013\SymEFA.sys [2009-11-25 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20091104.001\BHDrvx86.sys [2009-11-4 524848]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1101000.013\cchpx86.sys [2009-11-25 501888]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.1.0.19\ccSvcHst.exe [2009-11-25 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-24 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20091111.001\IDSXpx86.sys [2009-11-24 329592]
R3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1100000.088\Ironx86.sys [2009-11-24 114736]
S2 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys --> c:\windows\system32\drivers\A4SII300.SYS [?]

=============== Created Last 30 ================

2009-11-25 19:46:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-25 19:46:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-25 02:04:31 0 d-----w- c:\docume~1\owner\applic~1\Tific
2009-11-25 01:53:25 0 d-----w- C:\Redirect Sources
2009-11-25 00:03:34 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-25 00:03:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-25 00:03:33 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-25 00:03:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-25 00:03:33 0 d-----w- c:\program files\Symantec
2009-11-25 00:03:33 0 d-----w- c:\program files\common files\Symantec Shared
2009-11-25 00:03:00 0 d-----w- c:\windows\system32\drivers\NAV
2009-11-25 00:02:55 0 d-----w- c:\program files\Norton AntiVirus
2009-11-24 23:56:18 0 d-----w- c:\docume~1\alluse~1\applic~1\PCSettings
2009-11-24 23:56:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-11-24 23:55:33 0 d-----w- c:\program files\NortonInstaller
2009-11-24 23:55:33 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-11-24 00:04:50 0 d-----w- c:\program files\Trend Micro
2009-11-22 01:22:42 0 d-----w- C:\spywarebegone
2009-11-22 00:52:04 3008800 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-22 00:52:04 189728 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-22 00:52:04 17156 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-22 00:52:04 14492 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-22 00:51:51 3714 ----a-w- C:\rollback.ini
2009-11-22 00:15:48 0 d-----w- c:\program files\common files\ParetoLogic
2009-11-22 00:15:48 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic Anti-Virus PLUS
2009-11-22 00:15:46 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-11-21 19:58:27 0 d-----w- c:\program files\SpyMe Tools
2009-11-21 19:36:42 0 d-----w- c:\program files\ExtractNow
2009-11-13 00:12:26 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-11-13 00:12:26 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-11-13 00:12:26 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-07 23:41:01 0 d-----w- c:\program files\iPod
2009-11-07 23:40:19 0 d-----w- c:\program files\iTunes
2009-11-07 23:40:19 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-11-22 01:21:57 737280 ----a-w- c:\windows\iun6002.exe
2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll

============= FINISH: 17:27:48.26 ===============


#2 Buckeye_Sam
    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:46 PM

Posted 25 November 2009 - 08:02 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
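The custom-scan directives in the post above ask OTL to locate every copy of each named system file and report its MD5, so that a name resolving to several copies with differing hashes stands out. The Python below is an added example (not OTL's or BleepingComputer's code) that does the same find-and-hash pass over a constructed sample tree and flags names with more than one distinct hash or a hash outside a known-good baseline. Reading `/s /md5` as "search recursively, report MD5", the sample file contents and the baseline hashes are my assumptions for the demo.

```python
"""Recursive find-and-hash in the spirit of OTL's '<name> /s /md5' custom-scan
directives. Added example, not OTL's own code.

Assumption (mine, not from the thread): a directive like
'%SYSTEMDRIVE%\\atapi.sys /s /md5' means "search the system drive recursively
for every file with that name and report its MD5". The triage value is that a
single name resolving to several copies with different hashes, or a copy whose
hash is not in a known-good baseline, is what deserves a closer look.
"""
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict

# File names taken from the custom-scan block in the thread.
SCAN_NAMES = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys",
    "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys", "nvata.sys",
]


def md5_of_file(path, chunk=1 << 16):
    """Stream a file through MD5 so large drivers do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_and_hash(root, names):
    """Walk `root`; return {lower-case name: [(path, md5), ...]} for every file
    whose name matches one in `names` (case-insensitively, as NTFS compares)."""
    wanted = {n.lower() for n in names}
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                hits[fn.lower()].append((p, md5_of_file(p)))
    return dict(hits)


def triage(hits, baseline):
    """Flag names seen with more than one distinct hash, and individual copies
    whose hash is not in the known-good baseline for that name."""
    findings = []
    for name, copies in hits.items():
        distinct = {h for _, h in copies}
        if len(distinct) > 1:
            findings.append(("multiple-versions", name, sorted(distinct)))
        for path, h in copies:
            if name in baseline and h not in baseline[name]:
                findings.append(("hash-not-in-baseline", name, path))
    return findings


def build_sample_tree():
    """Constructed sample drive: three atapi.sys copies (one differs) and one
    nvstor.sys. Contents are made-up bytes, not real driver images."""
    root = tempfile.mkdtemp(prefix="otl-demo-")
    layout = {
        os.path.join("WINDOWS", "system32", "drivers", "atapi.sys"): b"clean atapi driver bytes",
        os.path.join("WINDOWS", "ServicePackFiles", "i386", "atapi.sys"): b"clean atapi driver bytes",
        os.path.join("WINDOWS", "system32", "dllcache", "atapi.sys"): b"patched atapi driver bytes",
        os.path.join("WINDOWS", "system32", "drivers", "nvstor.sys"): b"clean nvstor driver bytes",
    }
    for rel, data in layout.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


def demo():
    """Run the scan over the constructed tree; return (hits, findings)."""
    root = build_sample_tree()
    try:
        hits = find_and_hash(root, SCAN_NAMES)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    # Baseline built from the bytes we declared clean (constructed for the demo;
    # a real baseline would come from a clean install or vendor-published hashes).
    baseline = {
        "atapi.sys": {hashlib.md5(b"clean atapi driver bytes").hexdigest()},
        "nvstor.sys": {hashlib.md5(b"clean nvstor driver bytes").hexdigest()},
    }
    return hits, triage(hits, baseline)


if __name__ == "__main__":
    found, flagged = demo()
    for name, copies in sorted(found.items()):
        for path, digest in copies:
            print(f"{digest}  {path}")
    for finding in flagged:
        print("FLAG:", finding)
```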

#3 z-hawkeye
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:46 PM

Posted 25 November 2009 - 08:41 PM

Thanks Sam...I can't tell 'ya how much I appreciate the help.
Down below, I pasted, in order, the Malwarebytes log, the OTL.txt and Extras.txt files. I'm not sure how you make sense out of this stuff, but I'm glad you can...

____________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.41
Database version: 3235
Windows 5.1.2600 Service Pack 2

11/25/2009 8:17:01 PM
mbam-log-2009-11-25 (20-17-01).txt

Scan type: Quick Scan
Objects scanned: 112240
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

____________________________________________________________________________________________________

OTL logfile created on: 11/25/2009 8:19:01 PM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.73 Mb Total Physical Memory | 537.96 Mb Available Physical Memory | 53.02% Memory free
2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 162.30 Gb Free Space | 87.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPEARS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/25 20:08:51 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/25 14:46:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/25 14:46:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/24 17:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/08/24 17:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/08/04 07:00:00 | 00,419,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/04 07:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/08/04 07:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/07/01 14:58:14 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/25 20:08:51 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 07:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 14:46:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/20 01:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe -- (NAV)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com

IE - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\S-1-5-21-3033193358-3554205781-1224994283-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2009/11/24 19:03:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/25 14:46:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\My Stuff\FireFox\components [2009/11/11 09:46:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\My Stuff\FireFox\plugins [2009/11/25 14:46:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: c:\Documents and Settings\Owner\NS\Components [2009/11/07 18:35:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: c:\Documents and Settings\Owner\NS\Plugins [2009/11/25 14:46:25 | 00,000,000 | ---D | M]

[2009/09/20 09:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/09/20 09:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/12 09:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2z91xtqb.default\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Our Programs\Spyware\Spybot\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003..\Run: [Spyware Begone] C:\spywarebegone\SpywareBeGone.exe (MicroSmarts LLC.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3033193358-3554205781-1224994283-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/31 18:20:22 | 00,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/19 20:13:37 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (61646580427522048)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/25 20:08:38 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/25 17:25:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\First Scans
[2009/11/25 14:46:25 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/25 14:46:25 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/25 14:46:25 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/25 14:46:25 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/25 14:46:25 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/25 14:42:16 | 00,800,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\JavaSetup6u17-rv.exe
[2009/11/25 14:19:54 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/25 10:14:48 | 00,361,520 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\symtdi.sys
[2009/11/25 10:14:48 | 00,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\symtdiv.sys
[2009/11/25 10:14:48 | 00,328,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymDS.sys
[2009/11/25 10:14:48 | 00,171,056 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymEFA.sys
[2009/11/25 10:14:47 | 00,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\cchpx86.sys
[2009/11/25 10:14:47 | 00,325,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtsp.sys
[2009/11/25 10:14:47 | 00,114,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\Ironx86.sys
[2009/11/25 10:14:47 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtspx.sys
[2009/11/25 10:13:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1101000.013
[2009/11/24 21:04:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Tific
[2009/11/24 21:04:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2009/11/24 20:53:25 | 00,000,000 | ---D | C] -- C:\Redirect Sources
[2009/11/24 20:50:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Norton Results
[2009/11/24 19:03:34 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/11/24 19:03:33 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/11/24 19:03:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/11/24 19:03:33 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/11/24 19:03:24 | 00,361,392 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1100000.088\symtdi.sys
[2009/11/24 19:03:24 | 00,338,480 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1100000.088\symtdiv.sys
[2009/11/24 19:03:24 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymDS.sys
[2009/11/24 19:03:24 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1100000.088\srtsp.sys
[2009/11/24 19:03:24 | 00,169,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymEFA.sys
[2009/11/24 19:03:24 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1100000.088\Ironx86.sys
[2009/11/24 19:03:24 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1100000.088\srtspx.sys
[2009/11/24 19:03:23 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1100000.088\ccHPx86.sys
[2009/11/24 19:03:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/11/24 19:03:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/11/24 19:03:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1100000.088
[2009/11/24 19:02:55 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/11/24 18:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/11/24 18:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/24 18:55:33 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/11/24 18:55:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/11/23 19:04:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/23 18:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Spyware Stuff
[2009/11/21 20:22:42 | 00,000,000 | ---D | C] -- C:\spywarebegone
[2009/11/21 19:45:43 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/11/21 19:15:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/11/21 19:15:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/11/21 19:15:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/11/21 18:15:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2009/11/21 17:44:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/21 14:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\SpyMe Tools
[2009/11/21 14:36:42 | 00,000,000 | ---D | C] -- C:\Program Files\ExtractNow
[2009/11/12 19:12:26 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/11/12 19:12:26 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/11/12 19:12:26 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/25 20:19:48 | 03,089,440 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/25 20:19:30 | 00,194,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/11/25 20:08:51 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/25 18:00:19 | 00,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/11/25 16:47:05 | 01,327,104 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2009/11/25 14:47:04 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/25 14:46:10 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/25 14:46:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/25 14:46:10 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/25 14:46:10 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/25 14:46:09 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/25 14:42:16 | 00,800,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\JavaSetup6u17-rv.exe
[2009/11/25 14:20:46 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/25 14:19:59 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/25 14:09:48 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/25 14:06:37 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/25 14:06:37 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/25 14:06:37 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/25 10:01:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/25 10:01:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/25 10:01:18 | 10,640,91648 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 22:56:57 | 00,017,156 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/11/24 22:56:57 | 00,014,492 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/24 22:56:33 | 01,076,788 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\Cat.DB
[2009/11/24 22:56:19 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 22:52:48 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/24 19:03:33 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/11/24 19:03:33 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/11/24 19:03:33 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/11/24 19:03:33 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/11/24 19:03:25 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2009/11/23 19:04:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/21 20:22:39 | 00,000,170 | ---- | M] () -- C:\WINDOWS\spywarebegone-fullversion-installed.html
[2009/11/21 20:21:57 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/11/21 19:51:52 | 00,003,714 | ---- | M] () -- C:\rollback.ini
[2009/11/21 15:01:25 | 00,000,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Filemon.exe.lnk
[2009/11/20 18:36:11 | 00,007,062 | ---- | M] () -- C:\WINDOWS\Owner8.xlb
[2009/11/20 18:00:05 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Hijack Removal Instructions.doc
[2009/11/19 18:17:01 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/17 19:45:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/14 17:36:46 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/11/14 16:23:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/12 17:51:48 | 00,367,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/25 14:20:46 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/25 14:09:34 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/25 10:14:48 | 00,007,774 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\symnetv.cat
[2009/11/25 10:14:48 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymEFA.cat
[2009/11/25 10:14:48 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymNet.cat
[2009/11/25 10:14:48 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymEFA.inf
[2009/11/25 10:14:48 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymNetV.inf
[2009/11/25 10:14:48 | 00,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymNet.inf
[2009/11/25 10:14:47 | 00,007,493 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymDS.cat
[2009/11/25 10:14:47 | 00,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtsp.cat
[2009/11/25 10:14:47 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtspx.cat
[2009/11/25 10:14:47 | 00,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\iron.cat
[2009/11/25 10:14:47 | 00,002,793 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymDS.inf
[2009/11/25 10:14:47 | 00,001,756 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\ccHPx86.inf
[2009/11/25 10:14:47 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtspx.inf
[2009/11/25 10:14:47 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtsp.inf
[2009/11/25 10:14:47 | 00,000,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\Iron.inf
[2009/11/25 10:14:46 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\cchpx86.cat
[2009/11/25 10:13:59 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\isolate.ini
[2009/11/24 19:03:38 | 01,076,788 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\Cat.DB
[2009/11/24 19:03:33 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/11/24 19:03:33 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/11/24 19:03:25 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2009/11/24 19:03:12 | 00,003,375 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymEFA.inf
[2009/11/24 19:03:12 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymDS.inf
[2009/11/24 19:03:12 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\ccHPx86.inf
[2009/11/24 19:03:12 | 00,001,475 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymNetV.inf
[2009/11/24 19:03:12 | 00,001,447 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymNet.inf
[2009/11/24 19:03:12 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\srtspx.inf
[2009/11/24 19:03:12 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\srtsp.inf
[2009/11/24 19:03:12 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\Iron.inf
[2009/11/24 19:03:00 | 00,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\symnetv.cat
[2009/11/24 19:03:00 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\srtsp.cat
[2009/11/24 19:03:00 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymEFA.cat
[2009/11/24 19:03:00 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\srtspx.cat
[2009/11/24 19:03:00 | 00,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymDS.cat
[2009/11/24 19:03:00 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\iron.cat
[2009/11/24 19:03:00 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\cchpx86.cat
[2009/11/24 19:03:00 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\SymNet.cat
[2009/11/24 19:03:00 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1100000.088\isolate.ini
[2009/11/23 19:04:51 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/21 19:52:25 | 00,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/11/21 19:52:04 | 03,087,648 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/21 19:52:04 | 00,194,592 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/11/21 19:52:04 | 00,017,156 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/11/21 19:52:04 | 00,014,492 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/21 19:51:51 | 00,003,714 | ---- | C] () -- C:\rollback.ini
[2009/11/21 16:43:48 | 10,640,91648 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/21 15:01:25 | 00,000,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Filemon.exe.lnk
[2009/11/20 17:53:50 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Hijack Removal Instructions.doc
[2009/08/06 08:21:46 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/06/20 09:09:42 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\92403586.ini
[2008/09/01 19:47:45 | 00,000,359 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\02000000abb290d9P.manifest
[2008/09/01 19:47:45 | 00,000,013 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\02000000abb290d9C.manifest
[2008/09/01 19:47:45 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\02000000abb290d9S.manifest
[2008/09/01 19:47:45 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\02000000abb290d9O.manifest
[2008/09/01 19:47:45 | 00,000,007 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\02000000abb290d9R.manifest
[2008/03/14 17:19:30 | 00,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/12/21 15:15:37 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/02 11:54:08 | 00,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\b925c42dd7c2965cbc3824a722895312.dat
[2007/08/19 13:27:43 | 00,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2007/04/28 12:20:17 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/03/04 15:26:39 | 00,000,110 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/12/31 22:33:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2006/03/20 17:59:00 | 00,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/05 17:08:06 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/01/05 17:08:02 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2005/11/14 21:05:13 | 00,001,771 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/11/12 10:18:15 | 00,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2005/11/06 17:03:33 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/11/06 17:00:15 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2005/07/07 16:56:28 | 00,112,160 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/04/22 18:12:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Mailmark.ini
[2005/04/22 18:02:13 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL
[2005/04/22 18:02:13 | 00,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2005/04/22 18:02:13 | 00,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2005/04/22 18:01:11 | 00,001,901 | ---- | C] () -- C:\WINDOWS\ATM.INI
[2005/04/22 18:01:11 | 00,001,716 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2005/04/22 18:01:11 | 00,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2005/04/22 18:00:57 | 00,000,103 | ---- | C] () -- C:\WINDOWS\moffice.ini
[2005/04/22 18:00:19 | 00,000,131 | ---- | C] () -- C:\WINDOWS\CusDlg.INI
[2005/03/01 17:37:46 | 00,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2005/01/14 19:06:29 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/14 19:06:29 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/01/05 09:10:48 | 00,195,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/05 08:11:15 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/01/04 19:42:11 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/02 16:51:08 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\gtcodec2.DLL
[2005/01/02 15:10:38 | 00,001,004 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2005/01/02 14:39:10 | 00,000,220 | ---- | C] () -- C:\WINDOWS\PHOTOS30.INI
[2005/01/02 14:37:20 | 00,000,182 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/08/20 15:24:59 | 03,734,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2004/08/20 15:24:56 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/20 14:12:20 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/08/20 14:12:20 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/08/19 20:23:22 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/08/19 20:19:59 | 00,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/19 20:16:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2004/08/19 20:14:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/08/19 20:12:20 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/08/19 20:12:20 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/08/19 20:11:43 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2004/08/19 20:11:43 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/08/19 19:49:16 | 00,000,950 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/19 19:49:16 | 00,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/19 19:49:14 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/08/19 19:49:14 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/19 19:49:03 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004/08/19 19:49:03 | 00,001,348 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/19 19:49:02 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004/08/19 19:49:01 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/08/19 19:49:01 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System.ini
[2004/08/19 19:48:58 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/19 19:48:58 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004/08/19 19:48:57 | 01,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2004/08/19 19:48:57 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/19 19:48:57 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/19 19:48:57 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2004/08/19 19:48:57 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2004/08/19 19:48:57 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2004/08/19 19:48:57 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004/08/19 19:48:57 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004/08/19 19:48:57 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004/08/19 19:48:57 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004/08/19 19:48:57 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004/08/19 19:48:57 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004/08/19 19:48:55 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/19 19:48:55 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/19 19:48:55 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/19 19:48:55 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/19 19:48:55 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/08/19 19:48:55 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004/08/19 19:48:55 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004/08/19 19:48:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004/08/19 19:48:55 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004/08/19 19:48:55 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004/08/19 19:48:54 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004/08/19 19:48:54 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/19 19:48:54 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004/08/19 19:48:52 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004/08/19 19:48:52 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/19 19:48:52 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/19 19:48:51 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004/08/19 19:48:50 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004/08/19 19:48:49 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004/08/19 19:48:49 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/19 19:48:45 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/19 19:48:44 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/08/19 19:48:44 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2004/08/19 19:48:44 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004/08/19 19:48:43 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/19 19:48:43 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2004/08/19 13:07:53 | 00,441,626 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/08/19 13:07:51 | 00,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 13:07:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2001/08/17 17:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1996/11/21 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/21 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/21 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1995/10/24 13:28:53 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== LOP Check ==========

[2005/01/04 19:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AOL
[2004/08/19 20:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2004/08/19 20:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/11/21 16:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2004/08/19 20:29:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2004/08/19 20:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2004/08/19 20:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2004/08/19 20:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
[2004/08/19 20:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/01/04 19:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/10/24 16:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/06/17 19:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2004/08/19 20:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/09/10 20:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/04/28 12:20:17 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/01/05 17:08:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/11/24 19:04:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/24 19:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/11/21 20:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/11/21 19:15:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/11/24 18:56:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2004/08/19 20:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2005/03/14 16:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2007/09/22 16:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/01/02 10:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/01/13 09:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2005/11/06 17:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2006/01/05 17:33:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/11/21 18:45:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/08/19 20:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/14 16:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/11/07 18:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/18 15:56:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/01/04 19:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\AOL
[2004/08/19 20:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CyberLink
[2004/08/19 20:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2004/08/19 20:29:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2004/08/19 20:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sun
[2004/08/19 20:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Symantec
[2004/08/19 20:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
[2004/08/19 20:14:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/10 20:38:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/02/12 16:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2005/01/06 17:11:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2005/01/04 19:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AOL
[2009/11/09 19:11:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2005/11/06 17:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2005/04/16 16:35:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2009/11/07 21:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2004/08/19 20:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2009/07/22 16:59:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Sound Recorder
[2007/12/05 19:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2005/01/02 11:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2005/09/15 17:50:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HorizonWimba
[2004/08/19 20:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2005/01/02 10:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2006/12/17 13:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/07/09 19:53:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2008/09/10 20:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/01/25 19:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\McGraw-HillLicensing
[2009/08/06 08:21:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2009/09/20 09:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2005/03/09 16:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2006/08/13 19:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OLYMPUS
[2005/03/09 16:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2007/06/09 10:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reno 911 Paintball
[2005/11/06 17:03:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2005/03/09 16:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2004/08/19 20:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/08/06 08:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/11/24 21:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2008/06/08 07:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2007/03/10 11:27:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2006/01/29 11:46:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2004/08/19 20:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
[2009/11/14 16:23:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2005/01/01 18:12:22 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2009/11/25 18:00:19 | 00,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/11/25 10:01:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/01/06 17:14:23 | 03,880,448 | ---- | M] () -- C:\D00454-002-002.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

_____________________________________________________________________________________________________

OTL Extras logfile created on: 11/25/2009 8:19:01 PM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.73 Mb Total Physical Memory | 537.96 Mb Available Physical Memory | 53.02% Memory free
2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 162.30 Gb Free Space | 87.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPEARS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = ] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Atari\Scrabble Complete\ScrabbleComplete.exe" = C:\Program Files\Atari\Scrabble Complete\ScrabbleComplete.exe:*:Disabled:Scrabble Complete -- (Infogrames Interactive)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{158C641B-D60C-45E4-A380-B5725A4FE98A}" = ScopeCam Driver Installer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{378E6AB4-C604-4D67-83D5-E973F0DE7EC9}" = ExpressPCB
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5783F2D7-0001-0409-0000-0060B0CE6BBA}" = AutoCAD 2000i
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}" = Myst Masterpiece Edition
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A934301E-BC7B-423E-A0E0-7945CC1838A3}" = MalwareRemovalBot
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B36649A3-D0DD-4706-B042-F5B384529C7A}" = Scrabble Complete
"{B668B8B2-821E-417D-8FE8-AA3BC52064DD}" = Sony ACID Music Studio 5.0
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9577427-2D9D-4580-BDB3-FFDDE06A9554}" = Riven
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"AccuChef" = AccuChef
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Illustrator 7.0" = Adobe Illustrator 7.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"AnswerWorks" = AnswerWorks Runtime
"Audacity_is1" = Audacity 1.2.6
"BellSouth" = BellSouth FastAccess DSL Help Center
"BigFix" = BigFix
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"eSketch v1.53" = eSketch
"ExtractNow_is1" = ExtractNow
"Free Sound Recorder_is1" = Free Sound Recorder v7.9.1
"Gallery Remote" = Gallery Remote
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"iPhoto Plus 4" = iPhoto Plus 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MP3MyMP3_is1" = MP3MyMP3 3.0
"NAV" = Norton AntiVirus
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Netscape (7.2)" = Netscape (7.2)
"Office8.0" = Microsoft Office 97, Standard Edition
"OLYMPUS CAMEDIA Master 1.2" = OLYMPUS CAMEDIA Master 1.2
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"RecipeWorks" = RecipeWorks
"RegiDean for Windows 95/98/00/ME/NT/XP" = RegiDean for Windows 95/98/00/ME/NT/XP
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SpyMe Tools_is1" = SpyMe Tools 1.5
"spywarebegoneV10.00" = Spyware Begone V10.11 Free
"spywarebegoneV9.15" = Spyware Begone V9.15-Free
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TaxACT 2004" = TaxACT 2004
"TaxACT 2005" = TaxACT 2005
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"ViewpointMediaPlayer" = Viewpoint Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2009 7:02:51 PM | Computer Name = SPEARS | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2009 11:47:53 AM | Computer Name = SPEARS | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/15/2009 7:17:36 PM | Computer Name = SPEARS | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/16/2009 6:44:58 PM | Computer Name = SPEARS | Source = Application Hang | ID = 1002
Description = Hanging application mmjb.exe, version 8.20.0.107, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2009 7:21:58 PM | Computer Name = SPEARS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00010717.

Error - 11/18/2009 10:22:39 PM | Computer Name = SPEARS | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2009 10:22:39 PM | Computer Name = SPEARS | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2009 9:06:04 PM | Computer Name = SPEARS | Source = ESENT | ID = 490
Description = wuauclt (1448) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 11/21/2009 9:06:58 PM | Computer Name = SPEARS | Source = Application Hang | ID = 1002
Description = Hanging application sysocmgr.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2009 9:07:11 PM | Computer Name = SPEARS | Source = ESENT | ID = 490
Description = wuauclt (2296) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 11/22/2009 6:42:08 PM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7002
Description = The A4SII300 service depends on the 2Parallel arbitrat group and no
member of this group started.

Error - 11/22/2009 6:45:40 PM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 11/23/2009 7:24:53 PM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7002
Description = The A4SII300 service depends on the 2Parallel arbitrat group and no
member of this group started.

Error - 11/23/2009 7:28:26 PM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 11/24/2009 5:31:23 PM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7002
Description = The A4SII300 service depends on the 2Parallel arbitrat group and no
member of this group started.

Error - 11/24/2009 5:34:55 PM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 11/24/2009 8:04:23 PM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7002
Description = The A4SII300 service depends on the 2Parallel arbitrat group and no
member of this group started.

Error - 11/24/2009 8:07:54 PM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 11/25/2009 11:02:58 AM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7002
Description = The A4SII300 service depends on the 2Parallel arbitrat group and no
member of this group started.

Error - 11/25/2009 11:06:43 AM | Computer Name = SPEARS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:46 PM

Posted 27 November 2009 - 10:54 AM

You've got a rootkit infection which we'll address. But also a few other minor issues that you'll want to take care of. First, Spywarebegone is not a recommended program. It was once considered a rogue program due to false positives and advertising. While it has improved somewhat, there are still many other programs that are much better to be used for spyware removal. I do recommend uninstalling it.

You also have some older versions of Java installed. These are security risks and should be uninstalled.

Lastly you have a very outdated version of Spybot.

Please uninstall these programs:

Spyware Begone V10.11 Free
Spyware Begone V9.15-Free
Spybot - Search & Destroy 1.3
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0



Please disable your antivirus program.
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

    Files to move:
    C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). Please copy and paste this log into your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
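The check Buckeye_Sam is making by eye in the post above can be automated. The following is an added example for this thread, not code from the post or from OTL: it parses the `/s /md5` custom-scan block of an OTL log, picks out the copy Windows actually loads, and flags it when OTL could not hash it or when its hash disagrees with a backup of the same build (same size and modification stamp), naming the backup copy a helper would move into place. The sample lines are the atapi.sys and netlogon.dll results from the OTL log above; the list of backup-directory markers and the "same build" heuristic are assumptions of this example, not OTL's own logic.

```python
"""Flag suspicious live drivers/DLLs in an OTL '<path /s /md5>' custom scan.

Added example for this thread; not part of OTL, The Avenger or the original post.
"""
import re
from collections import defaultdict

# Constructed sample: the result lines are copied from the OTL log posted in this
# thread, laid out exactly as OTL prints a "< %SYSTEMDRIVE%\name /s /md5 >" scan.
SAMPLE_SCAN = r"""
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
"""

# One OTL result line: [stamp | size | attrs | M] (company) MD5=... -- path
# or the same with "Unable to obtain MD5" in place of the hash.
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]*\| M\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+?)\s*$"
)

# Assumed list of directories that hold backup/update copies rather than the
# copy the OS loads. Extend it for other service-pack or vendor cache folders.
BACKUP_MARKERS = ("\\reinstallbackups\\", "\\softwaredistribution\\",
                  "\\$hf_mig$\\", "\\dllcache\\")


def is_live_copy(path):
    """True for the copy Windows actually loads, i.e. not in a backup or cache dir."""
    lowered = path.lower()
    return not any(marker in lowered for marker in BACKUP_MARKERS)


def parse_scan(text):
    """Return {basename: [entry, ...]} for every result line in the scan text."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, "*.tmp files" summaries
        entry = {
            "stamp": m.group("stamp"),
            "size": int(m.group("size").replace(",", "")),
            "md5": m.group("md5").upper() if m.group("md5") else None,
            "path": m.group("path"),
            "live": is_live_copy(m.group("path")),
        }
        groups[entry["path"].rsplit("\\", 1)[-1].lower()].append(entry)
    return groups


def find_suspects(groups):
    """Flag live copies OTL could not hash, or whose hash disagrees with a same-build backup."""
    findings = []
    for name, entries in sorted(groups.items()):
        for live in (e for e in entries if e["live"]):
            # A backup only counts as the same build if size and stamp match and
            # OTL could hash it; an update-cache copy of a newer build is not a twin.
            twins = [e for e in entries if not e["live"] and e["md5"]
                     and e["size"] == live["size"] and e["stamp"] == live["stamp"]]
            if live["md5"] is None:
                # Nothing else on disk was unhashable: the live driver is being hidden
                # or filtered from user-mode reads, which is what a kernel rootkit does.
                findings.append({"file": name, "reason": "unreadable-md5",
                                 "path": live["path"],
                                 "replacement": twins[0]["path"] if twins else None})
            elif twins and any(t["md5"] != live["md5"] for t in twins):
                findings.append({"file": name, "reason": "hash-mismatch",
                                 "path": live["path"],
                                 "replacement": twins[0]["path"]})
    return findings


if __name__ == "__main__":
    for f in find_suspects(parse_scan(SAMPLE_SCAN)):
        print(f"{f['file']}: {f['reason']} at {f['path']}")
        print(f"  candidate clean copy: {f['replacement']}")
```

Run against the log in this thread it reports the one live file OTL could not hash, C:\WINDOWS\system32\drivers\atapi.sys, and names the ReinstallBackups\0003 copy as the same-build replacement, which is exactly the move the Avenger script in the post performs. A size and timestamp match is only a heuristic for "same build"; where a known-good hash for that driver version is available, compare the backup against it before moving it into place.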

#5 z-hawkeye

z-hawkeye
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Local time:08:46 PM

Posted 27 November 2009 - 05:57 PM

Hello Sam...hope you had a great Thanksgiving...
Add/Remove programs removed everything except Spywarebegone 9.15...received an error message...the folder didn't contain an executable...I ended up deleting the folder.
Downloaded Avenger and attempted to run it...received an error message stating that RunOnce couldn't be opened. I looked in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion and noticed that RunOnce didn't exist. I created the key and Avenger operated as you explained.
However, the log doesn't appear to show much...I believe the first two logs are of my first two attempts when it displayed the error...
Again, thanks for the help...


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Fri Nov 27 17:40:18 2009

17:40:18: Error: Could not open RunOnce key to register cleanup.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Fri Nov 27 17:42:37 2009

17:42:37: Error: Could not open RunOnce key to register cleanup.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
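The Avenger log above records two things a responder wants in the incident notes: the pre-processor failures (the missing RunOnce key) and the exact file operations that changed the system, here a driver moved over C:\WINDOWS\system32\drivers\atapi.sys. The following is an added example, not part of the thread and not Avenger's or BleepingComputer's code: it parses a log of this shape into errors, moves and the rootkit-scan result, then hashes whatever replaced files exist so the record shows what is now on disk. The two regular expressions are assumptions derived solely from the log lines quoted in this post; any other Avenger message type is kept verbatim in `unparsed` rather than guessed at. The sample log is constructed from the text above.

```python
"""Triage helper for Avenger logs: pull out the errors and the file
operations, then hash the replaced files for the incident record."""
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import Path

# Constructed sample, assembled from the log text quoted in the post above
# (one failed pre-processor run followed by the successful run).
SAMPLE_LOG = r"""
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Fri Nov 27 17:40:18 2009

17:40:18: Error: Could not open RunOnce key to register cleanup.
Aborting execution! (error 0: the operation completed successfully.)

Logfile of The Avenger Version 2.0

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" completed successfully.

Completed script processing.
"""

# Assumed line shapes, taken only from the log above. Anything else is
# left in `unparsed` instead of being interpreted.
ERROR_RE = re.compile(r"^(\d\d:\d\d:\d\d): Error: (.+)$")
MOVE_RE = re.compile(r'^File move operation "([^|"]+)\|([^"]+)" (.+?)\.?$')


@dataclass
class AvengerReport:
    errors: list = field(default_factory=list)   # (timestamp, message)
    moves: list = field(default_factory=list)    # (source, destination, status)
    rootkit_scan_clean: bool = False
    unparsed: list = field(default_factory=list)


def parse_avenger_log(text: str) -> AvengerReport:
    """Split an Avenger log into errors, file moves and the rootkit result."""
    report = AvengerReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ERROR_RE.match(line):
            report.errors.append((m.group(1), m.group(2)))
        elif m := MOVE_RE.match(line):
            report.moves.append((m.group(1), m.group(2), m.group(3)))
        elif line == "No rootkits found!":
            report.rootkit_scan_clean = True
        else:
            report.unparsed.append(line)
    return report


def replaced_files(report: AvengerReport) -> list:
    """Destinations of successful moves: the files that now live on disk."""
    return [dst for _, dst, status in report.moves if status == "completed successfully"]


def sha256_of(path) -> str:
    """Streaming SHA-256 of a file, so large drivers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_existing(paths) -> dict:
    """Hex SHA-256 of each path that exists; a missing path maps to None so
    the record shows what could not be checked instead of skipping it."""
    return {str(p): (sha256_of(p) if Path(p).is_file() else None) for p in paths}


if __name__ == "__main__":
    rep = parse_avenger_log(SAMPLE_LOG)
    print("errors:", rep.errors)
    print("clean rootkit scan:", rep.rootkit_scan_clean)
    for dst in replaced_files(rep):
        print("replaced:", dst)
    # On the affected machine this hashes the driver Avenger put in place;
    # run anywhere else the path does not exist and maps to None.
    print(hash_existing(replaced_files(rep)))
```

Run on the affected machine, the last call records the hash of the atapi.sys that Avenger moved into place, which can later be compared against the copy Avenger backed up under C:\Avenger to confirm the replacement actually took effect.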

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:46 PM

Posted 28 November 2009 - 10:17 AM

Well done! Now check to see if you are still being redirected.
Let me know of any other issues that you are having now.


========================================================

#7 z-hawkeye

z-hawkeye
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Local time:08:46 PM

Posted 28 November 2009 - 11:06 AM

So far, so good...just tried a whole page of Google links without a single redirect...you're a genius and I can't thank you enough...
One more question...I downloaded Norton 2010 and apparently Kaspersky Internet Security 2010 (I thought I was running the online scanner, but I think it downloaded instead)...do you recommend either of these, or is there another that you prefer?
I haven't had any anti-virus or internet protection for some time, but I think it's time to get some...
Thanks,
Matt

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:46 PM

Posted 28 November 2009 - 08:37 PM

Between the two I'd recommend Kaspersky over Norton. You definitely need to remove one of them, though. Running two antivirus programs at the same time can cause some problems.

Here are some final steps as well as some other recommendations for you.

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :(


========================================================



