
IE/Firefox Google Redirect


  • This topic is locked
9 replies to this topic

#1 mrlucky808

mrlucky808

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:57 PM

Posted 11 December 2009 - 07:22 PM

Aloha -

My name is Joel. I noticed that when I was searching with Google or Yahoo search that I would get redirected to some odd website. Neither Spy Sweeper nor McAfee had caught it. I downloaded Malwarebytes and Spybot S&D which got rid of some stuff but the redirect is still there. I'm not sure how to get my computer disinfected.

I ran DDS and the report is below. I also ran RootRepeal, which had an error the first time I ran it and said that it couldn't read Address 0x000000 or something like that. I renamed the .exe file to RootRep.exe and it ran through okay. That report is attached as well.

I will leave this computer alone until I hear from you.

Thanks in advance for any help you can provide.

======================


DDS (Ver_09-12-01.01) - NTFSx86
Run by JoelC at 13:49:08.43 on Fri 12/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1269 [GMT -10:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AutoMate 5\AutoMate5Svc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\AutoMate 5\AM5HkWnd.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lenovo\Message Center Plus\MessageCenterPlus.exe
C:\Documents and Settings\JoelC\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hawaii.edu/
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Shell=Explorer.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [High Definition Audio Property Page Shortcut] "HDAShCut.exe"
mRun: [Mouse Suite 98 Daemon] "ICO.EXE"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] "c:\progra~1\lenovo\lenovo~2\LPMGR.exe"
mRun: [TVT Scheduler Proxy] "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [Picasa Media Detector] "c:\program files\picasa2\PicasaMediaDetector.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [NWTRAY] "NWTRAY.EXE"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [AutoMate5] "c:\program files\automate 5\AM5HkWnd.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] "c:\windows\ime\imkr6_1\IMEKRMIG.EXE"
mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC
mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
mRun: [EEventManager] "c:\program files\epson\creativity suite\event manager\EEventManager.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [Message Center Plus] "c:\program files\lenovo\message center plus\MCPLaunch.exe" /start
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
Trusted Zone: hawaii.edu\dw
Trusted Zone: hawaii.edu\prodmvs.its
Trusted Zone: hawaii.edu\rpt17.its
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxps://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A4ED0301-9280-48A4-A046-BD6768AEE84E} - hxxps://finance.uhf.hawaii.edu/ifas7/CDD/btieprnt.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFECAFE-0013-0001-0008-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxps://bannerforms.apps.uillinois.edu/forms/jinitiator/doc/1.3.1.22/jinit.exe
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {4375F0D8-BFB5-4CA4-97C4-1C3374BA0B55} = 128.171.187.7,128.171.3.13
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwv1_0
LSA: Notification Packages = scecli scecli scecli
mASetup: {439113CE-2797-47E8-BA3D-03F300777207} - "c:\program files\hummingbird\connectivity\13.00\accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1 LOGGINGLEVEL=5

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joelc\applic~1\mozilla\firefox\profiles\v481l7am.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hawaii.edu/
FF - plugin: c:\documents and settings\joelc\application data\mozilla\firefox\profiles\v481l7am.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\joelc\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-10 28552]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-8-20 47640]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-6-28 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-1-27 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-1-27 54608]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-12-7 1205760]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-6-28 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-6-28 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-6-28 177864]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2008-7-28 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-12-11 02:30:03 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-11 02:30:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-10 19:06:59 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-10 19:06:29 0 d-----w- c:\program files\Panda Security
2009-12-09 19:05:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
2009-12-09 19:04:11 0 d-----w- c:\program files\AVG
2009-12-09 19:03:57 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-09 18:57:55 0 d-----w- c:\program files\CCleaner
2009-12-08 02:25:47 0 d-----w- c:\docume~1\joelc\applic~1\Malwarebytes
2009-12-08 02:25:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 02:25:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-08 02:25:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 02:25:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 02:17:47 0 d-----w- c:\program files\Trend Micro
2009-12-07 23:47:54 0 d-----w- c:\program files\MSSOAP
2009-12-07 23:47:08 1563008 ----a-w- c:\windows\WRSetup.dll
2009-12-07 23:47:07 0 d-----w- c:\program files\Webroot
2009-12-07 23:47:07 0 d-----w- c:\docume~1\joelc\applic~1\Webroot
2009-12-07 23:47:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot

==================== Find3M ====================

2009-12-10 13:38:31 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-10 13:38:31 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-03 06:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 19:08:22 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 05:38:23 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 05:38:23 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 05:38:22 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 05:38:22 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-01 18:30:50 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 18:30:48 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-10-01 18:30:48 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2008-05-05 19:24:13 608 --sh--w- c:\windows\system32\winzvprt5.sys
2007-05-22 11:21:55 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-02-26 18:24:31 16384 --sh--w- c:\windows\temp\cookies\index.dat
2009-02-26 18:24:31 32768 --sh--w- c:\windows\temp\history\history.ie5\index.dat
2009-02-26 18:24:31 32768 --sh--w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:51:00.23 ===============




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:57 PM

Posted 12 December 2009 - 10:18 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
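The DDS log in the first post and the OTL `/md5start` list above both come down to the same question: which system files on the machine changed recently or are hiding? The Python below is an added example (not part of this thread, of DDS or of OTL) that parses the "Created Last 30" and "Find3M" sections of a DDS log and lists the entries a helper would verify first; the sample log is built from lines of the DDS output posted above, and the meaning of the attribute letters (leading `d` for directory, `s` system, `h` hidden) is an assumption about DDS's format.

```python
"""Triage the "Created Last 30" and "Find3M" sections of a DDS log.

Added example; not part of this thread, of DDS or of OTL.  It returns the
entries a helper would check first: kernel drivers modified shortly before
the scan, and hidden+system executables.  A hit means "verify this file
against a known-good copy", not "this file is malicious".
"""
import re
from datetime import date, datetime, timedelta

# One DDS entry: "YYYY-MM-DD HH:MM:SS size attrs path"
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# DDS prints the run date in its header as "... on Fri 12/11/2009" (M/D/YYYY).
RUNDATE_RE = re.compile(r"\bon \w{3} (\d{1,2})/(\d{1,2})/(\d{4})")

TIMESTAMP_SECTIONS = {"Created Last 30", "Find3M"}
DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\dllcache\\")
EXEC_EXTS = (".sys", ".dll", ".exe")

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_DDS = """\
DDS (Ver_09-12-01.01) - NTFSx86
Run by JoelC at 13:49:08.43 on Fri 12/11/2009

=============== Created Last 30 ================

2009-12-11 02:30:03 0 d-----w- c:\\program files\\Spybot - Search & Destroy
2009-12-10 19:06:59 28552 ----a-w- c:\\windows\\system32\\drivers\\pavboot.sys
2009-12-08 02:25:35 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys

==================== Find3M ====================

2009-12-10 13:38:31 96512 ----a-w- c:\\windows\\system32\\drivers\\atapi.sys
2009-12-10 13:38:31 96512 ----a-w- c:\\windows\\system32\\dllcache\\atapi.sys
2009-11-03 06:42:06 195456 ------w- c:\\windows\\system32\\MpSigStub.exe
2009-10-20 16:20:16 265728 ------w- c:\\windows\\system32\\drivers\\http.sys
2008-05-05 19:24:13 608 --sh--w- c:\\windows\\system32\\winzvprt5.sys
2009-02-26 18:24:31 16384 --sh--w- c:\\windows\\temp\\cookies\\index.dat

============= FINISH: 13:51:00.23 ===============
"""


def parse_entries(log_text):
    """Yield (section, mtime, size, attrs, path) for each timestamped entry."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section not in TIMESTAMP_SECTIONS:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        day, clock, size, attrs, path = m.groups()
        mtime = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        yield section, mtime, int(size), attrs, path.lower()


def scan_date(log_text):
    """Return the run date from the DDS header, or None if it is not there."""
    m = RUNDATE_RE.search(log_text)
    if not m:
        return None
    month, day, year = (int(x) for x in m.groups())
    return date(year, month, day)


def triage(log_text, window_days=30, as_of=None):
    """Map path -> reasons for every entry worth verifying.

    driver_recent : a .sys under drivers\\ or dllcache\\ modified within
                    window_days before the scan date
    hidden_system : a .sys/.dll/.exe whose attribute field carries both 's'
                    and 'h' (assumed to mean system and hidden)
    Directories (attribute field starting with 'd') are skipped.
    """
    as_of = as_of or scan_date(log_text) or date.today()
    window = timedelta(days=window_days)
    hits = {}
    for _section, mtime, _size, attrs, path in parse_entries(log_text):
        if attrs.startswith("d"):
            continue
        reasons = []
        if path.endswith(".sys") and path.startswith(DRIVER_DIRS):
            if timedelta(0) <= as_of - mtime.date() <= window:
                reasons.append("driver_recent")
        if path.endswith(EXEC_EXTS) and "s" in attrs and "h" in attrs:
            reasons.append("hidden_system")
        if reasons:
            hits[path] = reasons
    return hits
```

Feed a full DDS log's text to `triage()`; a driver it lists is a candidate for the kind of MD5 comparison OTL's `/md5start` list performs, not a verdict on its own.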

#3 mrlucky808

mrlucky808
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:57 PM

Posted 12 December 2009 - 08:49 PM

Hi Sam. Thanks for getting back to me so quickly. OTL ran fairly quickly and GMER took a while. The two OTL logs are below and the GMER log will follow.

I noticed that the fan on the back of the computer was running constantly at a fairly high speed. Other than that, the computer's status has remained unchanged.

Thanks,

Joel

OTL logfile created on: 12/12/2009 11:23:59 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\JoelC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.18% Memory free
2.58 Gb Paging File | 1.71 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.51 Gb Total Space | 67.21 Gb Free Space | 46.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 37.16 Gb Total Space | 19.34 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS
Drive L: | 278.56 Gb Total Space | 243.58 Gb Free Space | 87.44% Space Free | Partition Type: NWFS
Drive M: | 37.16 Gb Total Space | 19.34 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
Drive O: | 73.05 Gb Total Space | 0.20 Gb Free Space | 0.27% Space Free | Partition Type: NWFS
Drive P: | 229.32 Gb Total Space | 2.30 Gb Free Space | 1.00% Space Free | Partition Type: NWFS
Drive Q: | 278.56 Gb Total Space | 243.58 Gb Free Space | 87.44% Space Free | Partition Type: NWFS
Drive R: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS
Drive S: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS
Drive T: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS
Drive V: | 73.05 Gb Total Space | 0.20 Gb Free Space | 0.27% Space Free | Partition Type: NWFS
Drive Z: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS

Computer Name: WALDORF
Current User Name: JoelC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 11:23:03 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoelC\Desktop\OTL.exe
PRC - [2009/12/07 13:48:32 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 15:15:18 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/20 09:14:27 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/01 08:31:11 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 08:30:47 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/27 22:10:00 | 00,400,696 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Message Center Plus\MessageCenterPlus.exe
PRC - [2009/05/27 22:09:36 | 00,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/13 15:40:08 | 06,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/04/21 18:26:50 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/01/27 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/01/27 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/12/08 15:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/04/17 14:03:52 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/04/17 14:03:52 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/17 10:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 10:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 10:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/03 15:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 15:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/02 17:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/12 15:57:08 | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2006/08/13 20:41:28 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/08/13 20:39:08 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006/08/13 20:38:08 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/07/14 15:20:38 | 00,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2006/07/14 15:13:14 | 02,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006/07/14 15:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/07/14 14:36:00 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/03 06:11:00 | 00,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2006/05/23 18:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/10/28 08:08:31 | 00,335,872 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/10/03 12:04:04 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/16 01:37:04 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
PRC - [2005/09/12 19:22:44 | 00,135,168 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2005/07/08 14:15:52 | 02,947,072 | ---- | M] (Network Automation, Inc.) -- C:\Program Files\AutoMate 5\AutoMate5Svc.exe
PRC - [2005/06/27 15:50:36 | 02,859,520 | ---- | M] (Network Automation, Inc.) -- C:\Program Files\AutoMate 5\Am5HkWnd.exe
PRC - [2005/04/13 11:34:28 | 00,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2004/07/27 13:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/06/09 14:27:34 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2003/11/06 12:51:32 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2002/03/12 06:37:28 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 11:23:03 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoelC\Desktop\OTL.exe
MOD - [2008/04/14 05:42:12 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 05:42:10 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 23:07:58 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006/07/14 15:20:50 | 00,613,120 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
MOD - [2006/07/14 15:20:46 | 00,645,888 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll
MOD - [2006/07/14 15:20:40 | 01,919,744 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
MOD - [2006/07/14 14:24:00 | 00,682,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_banner.dll
MOD - [2005/02/04 14:30:18 | 00,036,864 | ---- | M] () -- C:\Program Files\AutoMate 5\AM5TrgHk.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/07 13:48:32 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/10/01 08:31:11 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/02/24 13:04:05 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/27 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/01/27 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 21:27:34 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/05/22 01:38:04 | 00,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2007/04/17 14:03:52 | 00,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/17 10:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 15:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 17:40:12 | 00,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/08/11 11:51:04 | 00,028,672 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2006/07/14 15:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006/05/23 18:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/03 12:04:04 | 00,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/07/08 14:15:52 | 02,947,072 | ---- | M] (Network Automation, Inc.) [Auto | Running] -- C:\Program Files\AutoMate 5\AutoMate5Svc.exe -- (AutoMate5)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 21:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 18:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2002/05/03 03:10:22 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000desktop [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000desktop [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.uhpress.hawaii.edu/ [binary data]
IE - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hawaii.edu/
IE - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\S-1-5-21-1757981266-484763869-1957994488-1172\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.hawaii.edu/"
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.3.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091129.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 15:15:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/11 15:53:14 | 00,000,000 | ---D | M]

[2008/08/26 12:54:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Mozilla\Extensions
[2009/12/10 14:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Mozilla\Firefox\Profiles\v481l7am.default\extensions
[2009/11/09 10:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Mozilla\Firefox\Profiles\v481l7am.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2009/10/29 13:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Mozilla\Firefox\Profiles\v481l7am.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/12/08 10:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Mozilla\Firefox\Profiles\v481l7am.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/02 09:24:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Mozilla\Firefox\Profiles\v481l7am.default\extensions\LogMeInClient@logmein.com
[2009/12/10 14:32:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/19 14:57:00 | 02,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/02/28 14:30:00 | 00,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 14:33:00 | 00,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AutoMate5] C:\Program Files\AutoMate 5\AM5HkWnd.exe (Network Automation, Inc.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\..Trusted Domains: hawaii.edu ([dw] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\..Trusted Domains: hawaii.edu ([prodmvs.its] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\..Trusted Domains: hawaii.edu ([rpt17.its] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-484763869-1957994488-1172\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} https://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4ED0301-9280-48A4-A046-BD6768AEE84E} https://finance.uhf.hawaii.edu/ifas7/CDD/btieprnt.cab (cddprint Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFECAFE-0013-0001-0008-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.8)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} https://bannerforms.apps.uillinois.edu/form....1.22/jinit.exe (JInitiator 1.3.1.22)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uhp.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/29 21:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/22 01:01:00 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (52920688645767168)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/12 11:22:25 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JoelC\Desktop\OTL.exe
[2009/12/12 02:04:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/12/11 12:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/11 12:10:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/11 12:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/11 12:10:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/11 09:00:22 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\JoelC\Desktop\RootRep.exe
[2009/12/10 16:30:03 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/10 16:30:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/12/10 16:26:43 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\JoelC\Desktop\spybotsd162.exe
[2009/12/10 16:18:11 | 00,186,880 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\JoelC\Desktop\LSPFix.exe
[2009/12/10 09:06:59 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/12/10 09:06:29 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/12/09 12:44:58 | 00,425,472 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JoelC\Desktop\OTM.exe
[2009/12/09 09:49:29 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\JoelC\Recent
[2009/12/09 09:05:33 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2009/12/09 09:04:11 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/09 09:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/09 08:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/08 10:24:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JoelC\Application Data\FileZilla
[2009/12/08 10:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/12/07 16:25:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JoelC\Application Data\Malwarebytes
[2009/12/07 16:25:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/07 16:25:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/07 16:25:28 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/07 16:25:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/07 16:17:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/07 13:47:54 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/12/07 13:47:08 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/12/07 13:47:07 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/12/07 13:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JoelC\Application Data\Webroot
[2009/12/07 13:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2009/09/08 08:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/05/10 19:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[506 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\Documents and Settings\JoelC\My Documents\*.tmp files -> C:\Documents and Settings\JoelC\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/12 11:23:03 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoelC\Desktop\OTL.exe
[2009/12/12 02:04:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/11 16:12:16 | 00,000,042 | ---- | M] () -- C:\WINDOWS\hpmnwun.ini
[2009/12/11 13:59:22 | 00,405,167 | ---- | M] () -- C:\Documents and Settings\JoelC\Desktop\RootRepeal.dmp
[2009/12/11 12:55:24 | 81,230,0287 | ---- | M] () -- C:\Documents and Settings\JoelC\Desktop\Backup.bkf
[2009/12/11 12:25:24 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/12/11 12:24:23 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/11 12:21:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/11 12:21:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/11 12:20:29 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\JoelC\NTUSER.DAT
[2009/12/11 12:20:29 | 00,000,384 | -HS- | M] () -- C:\Documents and Settings\JoelC\ntuser.ini
[2009/12/11 10:33:20 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\JoelC\Desktop\wfi14wfq.exe
[2009/12/11 09:01:07 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\JoelC\Desktop\RootRep.exe
[2009/12/11 09:00:38 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\JoelC\Desktop\dds.scr
[2009/12/10 16:30:43 | 00,000,940 | ---- | M] () -- C:\Documents and Settings\JoelC\Desktop\Spybot - Search & Destroy.lnk
[2009/12/10 16:28:07 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\JoelC\Desktop\spybotsd162.exe
[2009/12/10 16:20:32 | 00,186,880 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\JoelC\Desktop\LSPFix.exe
[2009/12/10 03:25:50 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 03:25:50 | 00,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 03:25:50 | 00,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 03:05:12 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 12:45:09 | 00,425,472 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoelC\Desktop\OTM.exe
[2009/12/09 09:05:33 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2009/12/09 08:59:29 | 00,106,166 | ---- | M] () -- C:\Documents and Settings\JoelC\My Documents\cc_20091209_085914.reg
[2009/12/09 08:58:02 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\JoelC\Desktop\CCleaner.lnk
[2009/12/08 01:00:04 | 00,001,638 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_D07AC7AB6EA74C8FAAD62A7ED887F283.job
[2009/12/07 16:25:40 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/07 16:17:47 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\JoelC\Desktop\HijackThis.lnk
[2009/12/07 13:39:30 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[506 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\JoelC\My Documents\*.tmp files -> C:\Documents and Settings\JoelC\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/11 13:59:21 | 00,405,167 | ---- | C] () -- C:\Documents and Settings\JoelC\Desktop\RootRepeal.dmp
[2009/12/11 12:32:21 | 81,230,0287 | ---- | C] () -- C:\Documents and Settings\JoelC\Desktop\Backup.bkf
[2009/12/11 10:31:53 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\JoelC\Desktop\wfi14wfq.exe
[2009/12/11 08:59:02 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\JoelC\Desktop\dds.scr
[2009/12/10 16:30:43 | 00,000,940 | ---- | C] () -- C:\Documents and Settings\JoelC\Desktop\Spybot - Search & Destroy.lnk
[2009/12/10 03:03:57 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/12/09 08:59:18 | 00,106,166 | ---- | C] () -- C:\Documents and Settings\JoelC\My Documents\cc_20091209_085914.reg
[2009/12/09 08:58:02 | 00,001,555 | ---- | C] () -- C:\Documents and Settings\JoelC\Desktop\CCleaner.lnk
[2009/12/07 16:25:40 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/07 16:17:47 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\JoelC\Desktop\HijackThis.lnk
[2009/12/07 13:39:25 | 00,001,638 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_D07AC7AB6EA74C8FAAD62A7ED887F283.job
[2009/10/20 09:33:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/01/06 08:52:22 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\FS40uUsd.dll
[2008/11/28 12:56:39 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/28 12:56:39 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/28 12:56:33 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/28 12:56:33 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/28 12:56:30 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/28 12:56:30 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/20 16:44:52 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/10/20 16:33:09 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/10/20 16:28:17 | 00,000,044 | ---- | C] () -- C:\WINDOWS\PERFV500P.ini
[2008/09/15 14:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 14:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 14:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/28 14:42:22 | 00,000,316 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/05/05 09:26:13 | 00,000,042 | ---- | C] () -- C:\WINDOWS\hpmnwun.ini
[2008/05/05 09:24:13 | 00,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2008/05/05 09:20:06 | 00,000,140 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/05/05 09:17:33 | 00,001,100 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/05/05 09:13:29 | 00,001,468 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/08/24 15:16:20 | 00,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2007/08/20 07:55:27 | 00,210,000 | ---- | C] () -- C:\WINDOWS\System32\amsco32.dll
[2007/08/19 13:30:43 | 00,000,311 | ---- | C] () -- C:\WINDOWS\PVX.INI
[2007/08/19 13:30:31 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/08/19 13:30:29 | 00,074,240 | ---- | C] () -- C:\WINDOWS\System32\90wres32.dll
[2007/08/19 13:30:17 | 00,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2007/08/19 13:16:58 | 00,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd
[2007/08/16 14:31:50 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\JoelC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/16 10:13:30 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2007/08/15 17:44:23 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\JoelC\Local Settings\Application Data\fusioncache.dat
[2007/06/29 11:05:24 | 00,000,516 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/29 06:01:23 | 00,000,454 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2007/06/28 16:40:29 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/05/22 19:14:58 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/22 01:44:49 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/22 01:28:04 | 01,398,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
[2007/05/22 01:27:01 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/05/22 01:25:26 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/22 01:25:26 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/22 01:25:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/22 01:25:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/22 01:25:26 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/22 01:25:26 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/22 01:25:08 | 00,000,086 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/05/22 01:19:43 | 00,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007/05/22 01:19:43 | 00,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/05/22 01:19:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2007/05/22 01:08:00 | 00,459,664 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/22 01:08:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2006/10/06 05:35:08 | 00,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2006/06/19 05:36:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/24 11:12:44 | 00,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2006/04/29 21:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/29 21:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/29 20:56:01 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003275_.tmp.dll
[2006/04/29 20:55:42 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003307_.tmp.dll
[2006/03/27 07:08:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2005/04/18 04:43:00 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2003/06/11 14:39:12 | 06,270,976 | ---- | C] () -- C:\WINDOWS\System32\cricu19.dll
[2002/02/27 06:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 06:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 06:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/01/20 05:15:14 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/01/11 00:37:36 | 00,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996/05/14 05:50:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 04:36:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

========== LOP Check ==========

[2007/06/29 06:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2007/05/22 01:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
[2009/11/06 16:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/12/11 12:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/06/29 06:05:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/11/07 17:22:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/08/21 08:07:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/08/19 13:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hummingbird
[2009/06/08 06:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/06/16 06:27:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/08/20 07:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Automation
[2009/10/22 14:35:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/12/31 11:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PanaVue
[2007/08/27 10:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2008/05/05 09:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zvprt50
[2007/06/29 06:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2007/05/22 01:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ThinkVantage
[2007/06/29 06:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\Lenovo
[2007/05/22 01:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joel\Application Data\ThinkVantage
[2009/11/06 16:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Ashampoo
[2009/10/22 16:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Canon
[2009/03/31 15:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Costco Photo Viewer US
[2009/06/08 06:37:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Downloaded Installations
[2008/10/20 17:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\EPSON
[2009/12/10 09:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\FileZilla
[2007/08/21 08:06:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\HotSync
[2007/10/04 16:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Hummingbird
[2007/08/21 08:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Leadertech
[2007/08/15 17:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Lenovo
[2009/11/03 11:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Netscape
[2008/05/16 11:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\OfficeUpdate12
[2009/04/30 16:42:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\Opera
[2007/05/22 01:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JoelC\Application Data\ThinkVantage
[2009/12/12 02:04:05 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/12/08 01:00:04 | 00,001,638 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_D07AC7AB6EA74C8FAAD62A7ED887F283.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/06/03 01:31:20 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\fixccs.exe


< MD5 for: AGP440.SYS >
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 08:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 20:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 08:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2009/12/10 03:38:31 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/10 03:38:31 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 14:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/11 14:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 14:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 14:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 12/12/2009 11:23:59 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\JoelC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.18% Memory free
2.58 Gb Paging File | 1.71 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.51 Gb Total Space | 67.21 Gb Free Space | 46.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 37.16 Gb Total Space | 19.34 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS
Drive L: | 278.56 Gb Total Space | 243.58 Gb Free Space | 87.44% Space Free | Partition Type: NWFS
Drive M: | 37.16 Gb Total Space | 19.34 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
Drive O: | 73.05 Gb Total Space | 0.20 Gb Free Space | 0.27% Space Free | Partition Type: NWFS
Drive P: | 229.32 Gb Total Space | 2.30 Gb Free Space | 1.00% Space Free | Partition Type: NWFS
Drive Q: | 278.56 Gb Total Space | 243.58 Gb Free Space | 87.44% Space Free | Partition Type: NWFS
Drive R: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS
Drive S: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS
Drive T: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS
Drive V: | 73.05 Gb Total Space | 0.20 Gb Free Space | 0.27% Space Free | Partition Type: NWFS
Drive Z: | 31.78 Gb Total Space | 7.41 Gb Free Space | 23.32% Space Free | Partition Type: NWFS

Computer Name: WALDORF
Current User Name: JoelC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1757981266-484763869-1957994488-1172\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AutoMate 5\SpawnTask.exe" = C:\Program Files\AutoMate 5\SpawnTask.exe:*:Enabled:AutoMate 5 Task Process -- (Network Automation, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\FileMaker\FileMaker Pro 9\FileMaker Pro.exe" = C:\Program Files\FileMaker\FileMaker Pro 9\FileMaker Pro.exe:*:Enabled:FileMaker Pro -- File not found
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:Framework Service -- (McAfee, Inc.)
"D:\setup\hppniprint01.exe" = D:\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe -- File not found
"D:\setup\hppniprint64.exe" = D:\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe -- File not found
"D:\setup\hppnicifs01.exe" = D:\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe -- File not found
"D:\setup\LaunchApp.exe" = D:\setup\LaunchApp.exe:*:Enabled:launchapp.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AutoMate 5\AutoMate5Svc.exe" = C:\Program Files\AutoMate 5\AutoMate5Svc.exe:*:Disabled:AutoMate 5 Task Service -- (Network Automation, Inc.)
"C:\Program Files\FileMaker\FileMaker Pro 9 Advanced\FileMaker Pro Advanced.exe" = C:\Program Files\FileMaker\FileMaker Pro 9 Advanced\FileMaker Pro Advanced.exe:*:Enabled:FileMaker Pro Advanced -- (FileMaker, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0CDA14BF-6D0A-44E2-A970-ED43CDDCC495}" = hppLJM2727
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1161671B-4079-43FE-8F4F-FD48C0217B46}" = Panavue ImageAssembler 3.5.0 (Trial)
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21FEE823-3027-4B83-B499-7E525B05A94B}" = AutoMate 5
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
"{25A0133B-8BAC-4E61-8F43-DC6D9D9FE80B}" = Microsoft Office Live Meeting 2005
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3696FDA6-8883-4B1B-8D56-C8DB65052FCA}" = hppscanM2727
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3FEC3A5B-60FF-4626-B425-08E09B121A15}" = LogMeIn
"{439113CE-2797-47E8-BA3D-03F300777207}" = HostExplorer 2008
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4CD3D573-2176-44AA-B85C-6E2FFD3F8015}" = hppFaxUtility
"{5237273A-F744-462F-ADB0-E545EE4359FC}" = hppusgM2727
"{57C0B860-F0D4-4F87-9855-361183AE1F6F}" = hppSendFax
"{5D5D5856-A0DB-4C62-89C4-D3270A38A701}" = hppFaxDrvM2727
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C9DA1BC-CDE6-458F-AE11-7124E881EF23}" = FileMaker Pro 9 Advanced
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{9DC5A033-23DA-4083-B9E2-ED0EC78E2ED9}" = hppManualsM2727
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0DB4D2C-E85B-4C23-A4F2-F1B95D3C3BE8}" = Crystal Reports 10
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A964774D-6D5A-4925-AA9A-A45329C90EEA}" = hpzTLBXFX
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF107E4C-C9AC-4B89-847D-900597E0B0B4}" = hppScanTo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C348ED34-C35F-4FDF-A46E-DF27542C2F45}" = Scan
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.22
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4C5CF89-51BC-4B2B-9057-EA2D24B56148}" = hppIOFiles
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E51BD3A9-BEF0-40DA-8718-C37AF53EF877}" = hppTLBXFXM2727
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 7.0 Standard - V" = Adobe Acrobat 7.1.0 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"Digital Media LE" = Roxio Digital Media LE
"DPP" = Canon Utilities Digital Photo Professional 3.2
"FileZilla Client" = FileZilla Client 3.3.0.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP LaserJet M2727" = HP LaserJet M2727 MFP Series 1.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAS 90 for Windows Workstation" = MAS 90 for Windows Workstation
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MyCamera" = Canon Utilities MyCamera
"Nice PDF Compressor_is1" = Nice PDF Compressor 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"Oracle JInitiator 1.3.1.8" = Oracle JInitiator 1.3.1.8
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Photodex Presenter" = Photodex Presenter
"Picasa2" = Picasa 2
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PrassiPrimoDVD2.0(English)" = Prassi PrimoDVD 2.0 (English)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Silent Package Run-Time Sample" = EPSON Perfection V500P User's Guide
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2009 9:21:58 AM | Computer Name = WALDORF | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 12/11/2009 1:20:56 PM | Computer Name = WALDORF | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\Joel\ntuser.dat

Error - 12/11/2009 1:21:27 PM | Computer Name = WALDORF | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.

Error - 12/11/2009 1:21:27 PM | Computer Name = WALDORF | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 12/11/2009 1:21:58 PM | Computer Name = WALDORF | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 12/11/2009 6:17:30 PM | Computer Name = WALDORF | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 12/11/2009 6:18:20 PM | Computer Name = WALDORF | Source = Application Hang | ID = 1002
Description = Hanging application ntbackup.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2009 2:21:38 AM | Computer Name = WALDORF | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 12/12/2009 8:04:04 AM | Computer Name = WALDORF | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/12/2009 10:21:38 AM | Computer Name = WALDORF | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 12/11/2009 6:32:12 AM | Computer Name = WALDORF | Source = BROWSER | ID = 8009
Description = The browser was unable to promote itself to master browser. The computer
that currently believes it is the master browser is UHP-EWEB.

Error - 12/11/2009 8:34:45 AM | Computer Name = WALDORF | Source = BROWSER | ID = 8009
Description = The browser was unable to promote itself to master browser. The computer
that currently believes it is the master browser is UHP-EWEB.

Error - 12/11/2009 8:34:45 AM | Computer Name = WALDORF | Source = BROWSER | ID = 8019
Description = The browser was unable to promote itself to master browser. The browser
will continue to attempt to promote itself to the master browser, but will no longer
log any events in the event log in Event Viewer.

Error - 12/11/2009 6:21:56 PM | Computer Name = WALDORF | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/11/2009 6:21:56 PM | Computer Name = WALDORF | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/11/2009 6:23:24 PM | Computer Name = WALDORF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the System Update service
to connect.

Error - 12/11/2009 6:23:24 PM | Computer Name = WALDORF | Source = Service Control Manager | ID = 7000
Description = The System Update service failed to start due to the following error:
%%1053

Error - 12/11/2009 6:24:10 PM | Computer Name = WALDORF | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/11/2009 9:29:07 PM | Computer Name = WALDORF | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/11/2009 10:16:12 PM | Computer Name = WALDORF | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >
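
The event-log section of the OTL Extras report above has a regular shape: a header line carrying level, timestamp, computer name, source and event ID, then one or more wrapped "Description = ..." lines, then a blank separator, with "[ ... ]" headings between the Application and System sections. That regularity makes it practical to triage a long report programmatically instead of by eye. The Python below is an added example, not part of the original thread and not OTL's own code: it parses records in that layout from a constructed sample copied from the report, counts them per source and ID, and flags the Userenv chain in which 1508 or 1502 (the user's hive could not be opened) is followed by 1511 (logon with a temporary profile), which is exactly what the posted report shows for WALDORF. The "[ Application Events ]" heading and the five-minute correlation window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: records copied from the OTL Extras report in the thread, kept in
# OTL's layout. The leading "[ Application Events ]" heading is assumed; it belongs to
# the part of the report that precedes the excerpt.
SAMPLE_LOG = """\
[ Application Events ]
Error - 12/11/2009 1:20:56 PM | Computer Name = WALDORF | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\\Documents and Settings\\Joel\\ntuser.dat

Error - 12/11/2009 1:21:27 PM | Computer Name = WALDORF | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile.

Error - 12/11/2009 1:21:27 PM | Computer Name = WALDORF | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 12/11/2009 1:21:58 PM | Computer Name = WALDORF | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

[ System Events ]
Error - 12/11/2009 6:23:24 PM | Computer Name = WALDORF | Source = Service Control Manager | ID = 7000
Description = The System Update service failed to start due to the following error:
%%1053

Error - 12/11/2009 9:29:07 PM | Computer Name = WALDORF | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible.

< End of report >
"""

HEADER_RE = re.compile(
    r"^(?P<level>[A-Za-z]+) - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_otl_events(text):
    """Parse OTL Extras-style event records into a list of dicts.

    A record starts at a header line and owns every following non-blank line
    (the wrapped Description) until a blank line, a section heading or the
    report terminator.
    """
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "level": m.group("level"),
                "time": datetime.strptime(m.group("ts"), TS_FORMAT),
                "host": m.group("host").strip(),
                "source": m.group("source").strip(),
                "id": int(m.group("id")),
                "description": [],
            }
            records.append(current)
            continue
        if not line or line.startswith("< End of report >"):
            current = None          # blank line or terminator closes the record
            continue
        if current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"].append(line)
    for rec in records:
        rec["description"] = " ".join(rec["description"])
    return records


def count_by_source_id(records):
    """Count records per (source, id) so repeated errors stand out."""
    return Counter((r["source"], r["id"]) for r in records)


PROFILE_LOAD_FAILURE = {1508, 1502}   # Userenv: hive locked / profile could not be loaded
TEMP_PROFILE_LOGON = 1511             # Userenv: logged on with a temporary profile


def find_temp_profile_logons(records, window=timedelta(minutes=5)):
    """Return (host, time) for each Userenv 1511 preceded within `window` (assumed)
    by a 1508 or 1502 on the same host: the chain behind "Changes you make to this
    profile will be lost when you log off"."""
    userenv = [r for r in records if r["source"] == "Userenv"]
    hits = []
    for r in userenv:
        if r["id"] != TEMP_PROFILE_LOGON:
            continue
        if any(p["host"] == r["host"] and p["id"] in PROFILE_LOAD_FAILURE
               and timedelta(0) <= r["time"] - p["time"] <= window for p in userenv):
            hits.append((r["host"], r["time"]))
    return hits


if __name__ == "__main__":
    recs = parse_otl_events(SAMPLE_LOG)
    for (source, eid), n in count_by_source_id(recs).most_common():
        print(f"{n:3d}  {source} / {eid}")
    for host, when in find_temp_profile_logons(recs):
        print(f"temporary profile logon on {host} at {when:%Y-%m-%d %H:%M:%S}")
```

Feed the whole Extras report to parse_otl_events and the (source, id) counts show at a glance which errors recur (the AutoEnrollment and W32Time entries above are both connectivity noise) and which form a sequence worth explaining, such as the locked ntuser.dat that produced the temporary-profile logon.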

#4 mrlucky808 (Topic Starter)

Posted 12 December 2009 - 08:52 PM

The forum said that the GMER log is too big. I noticed that the "show all" box was greyed out and unchecked. I hope that this didn't cause a problem. I've uploaded the GMER log as an attachment.

Attached File: gmer.txt (283.76KB)


#5 Buckeye_Sam (Malware Expert, Pickerington, Ohio)

Posted 13 December 2009 - 11:08 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [506 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [1 C:\Documents and Settings\JoelC\My Documents\*.tmp files -> C:\Documents and Settings\JoelC\My Documents\*.tmp -> ]
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

====================



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
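
Each line in the :OTL section of the fix above means "delete every *.tmp file directly inside this directory", and the log that follows shows it removing several hundred of them from System32 alone. As an added example (not OTL's code and not part of the original post), the Python below does the equivalent with a dry-run listing first, because a blanket delete in System32 is worth reviewing before it runs. It builds a look-alike directory tree under a scratch folder, with a few file names taken from the posted log, so it runs offline on any platform, and it matches the suffix case-insensitively because the log shows CONFIG.TMP removed alongside SET11B7.tmp. The XP paths in OTL_TMP_TARGETS are copied from the post for reference only; the demo never touches them.

```python
import tempfile
from pathlib import Path

# Directories named in the :OTL section of the posted fix. Only meaningful on that
# Windows XP machine; listed here so the mapping to the fix is explicit.
OTL_TMP_TARGETS = [
    r"C:\WINDOWS\System32",
    r"C:\WINDOWS",
    r"C:\WINDOWS\Fonts",
    r"C:\Documents and Settings\JoelC\My Documents",
]


def find_tmp_files(dirs):
    """Return [(Path, size_bytes)] for *.tmp files directly inside each directory.

    The suffix is compared case-insensitively: the posted log removed CONFIG.TMP
    as well as SET11B7.tmp, and NTFS treats both as .tmp files.
    """
    hits = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue                      # skip missing directories, don't abort
        for p in sorted(d.iterdir()):     # non-recursive, like the OTL line
            if p.is_file() and p.suffix.lower() == ".tmp":
                hits.append((p, p.stat().st_size))
    return hits


def purge_tmp_files(dirs, dry_run=True):
    """Delete the matched files; with dry_run=True only list them.
    Returns (deleted_or_listed, failed) as lists of Paths."""
    deleted, failed = [], []
    for p, _size in find_tmp_files(dirs):
        if dry_run:
            deleted.append(p)
            continue
        try:
            p.unlink()
            deleted.append(p)
        except OSError:
            failed.append(p)              # open by another process or access denied
    return deleted, failed


def build_sample_tree(root):
    """Constructed stand-in for the XP layout: file names from the posted OTL log plus
    one non-.tmp file per directory that must survive. Returns the directories to scan."""
    layout = {
        "WINDOWS/System32": ["CONFIG.TMP", "SET11B7.tmp", "SET150.tmp", "kernel32.dll"],
        "WINDOWS": ["002906_.tmp", "SET466.tmp", "explorer.exe"],
        "WINDOWS/Fonts": ["SET470.tmp", "arial.ttf"],
        "Documents and Settings/JoelC/My Documents": ["~WRL0868.tmp", "report.doc"],
    }
    dirs = []
    for rel, names in layout.items():
        d = Path(root) / rel
        d.mkdir(parents=True, exist_ok=True)
        for name in names:
            (d / name).write_bytes(b"x" * 16)
        dirs.append(str(d))
    return dirs


def demo():
    """Build the sample tree in a scratch directory, dry-run, then really purge.
    Returns what happened so the behaviour can be checked without a real system."""
    with tempfile.TemporaryDirectory() as tmp:
        dirs = build_sample_tree(tmp)
        matched = sorted(p.name for p, _ in find_tmp_files(dirs))
        listed, _ = purge_tmp_files(dirs, dry_run=True)
        dry_run_kept_files = all(p.exists() for p in listed)
        deleted, failed = purge_tmp_files(dirs, dry_run=False)
        remaining_tmp = len(find_tmp_files(dirs))
        survivors = sorted(p.name for d in dirs for p in Path(d).iterdir() if p.is_file())
    return {"matched": matched, "dry_run_kept_files": dry_run_kept_files,
            "deleted": len(deleted), "failed": len(failed),
            "remaining_tmp": remaining_tmp, "survivors": survivors}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real machine the pattern is the same: call find_tmp_files on the target directories, read the listing, and only then call purge_tmp_files with dry_run=False; anything that lands in the failed list is in use and needs a reboot or a closer look rather than a retry.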

#6 mrlucky808 (Topic Starter)

Posted 13 December 2009 - 04:16 PM

Okay. Everything went smoothly I think. Here is the OTL log as well as the TDSSKiller log.

All processes killed
========== OTL ==========
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET11B7.tmp deleted successfully.
C:\WINDOWS\System32\SET11BC.tmp deleted successfully.
C:\WINDOWS\System32\SET11C1.tmp deleted successfully.
C:\WINDOWS\System32\SET11F2.tmp deleted successfully.
C:\WINDOWS\System32\SET11F4.tmp deleted successfully.
C:\WINDOWS\System32\SET150.tmp deleted successfully.
C:\WINDOWS\System32\SET151.tmp deleted successfully.
C:\WINDOWS\System32\SET153.tmp deleted successfully.
C:\WINDOWS\System32\SET155.tmp deleted successfully.
C:\WINDOWS\System32\SET156.tmp deleted successfully.
C:\WINDOWS\System32\SET157.tmp deleted successfully.
C:\WINDOWS\System32\SET15B3.tmp deleted successfully.
C:\WINDOWS\System32\SET15B8.tmp deleted successfully.
C:\WINDOWS\System32\SET15BD.tmp deleted successfully.
C:\WINDOWS\System32\SET15C5.tmp deleted successfully.
C:\WINDOWS\System32\SET15E.tmp deleted successfully.
C:\WINDOWS\System32\SET15EE.tmp deleted successfully.
C:\WINDOWS\System32\SET15F.tmp deleted successfully.
C:\WINDOWS\System32\SET15F0.tmp deleted successfully.
C:\WINDOWS\System32\SET162.tmp deleted successfully.
C:\WINDOWS\System32\SET167.tmp deleted successfully.
C:\WINDOWS\System32\SET168.tmp deleted successfully.
C:\WINDOWS\System32\SET169.tmp deleted successfully.
C:\WINDOWS\System32\SET16B.tmp deleted successfully.
C:\WINDOWS\System32\SET16C.tmp deleted successfully.
C:\WINDOWS\System32\SET16D.tmp deleted successfully.
C:\WINDOWS\System32\SET16E.tmp deleted successfully.
C:\WINDOWS\System32\SET16F.tmp deleted successfully.
C:\WINDOWS\System32\SET171.tmp deleted successfully.
C:\WINDOWS\System32\SET172.tmp deleted successfully.
C:\WINDOWS\System32\SET173.tmp deleted successfully.
C:\WINDOWS\System32\SET174.tmp deleted successfully.
C:\WINDOWS\System32\SET177.tmp deleted successfully.
C:\WINDOWS\System32\SET17E.tmp deleted successfully.
C:\WINDOWS\System32\SET17F.tmp deleted successfully.
C:\WINDOWS\System32\SET180.tmp deleted successfully.
C:\WINDOWS\System32\SET181.tmp deleted successfully.
C:\WINDOWS\System32\SET184.tmp deleted successfully.
C:\WINDOWS\System32\SET186.tmp deleted successfully.
C:\WINDOWS\System32\SET187.tmp deleted successfully.
C:\WINDOWS\System32\SET18A.tmp deleted successfully.
C:\WINDOWS\System32\SET18E.tmp deleted successfully.
C:\WINDOWS\System32\SET191.tmp deleted successfully.
C:\WINDOWS\System32\SET192.tmp deleted successfully.
C:\WINDOWS\System32\SET194.tmp deleted successfully.
C:\WINDOWS\System32\SET195.tmp deleted successfully.
C:\WINDOWS\System32\SET196.tmp deleted successfully.
C:\WINDOWS\System32\SET19B.tmp deleted successfully.
C:\WINDOWS\System32\SET19C.tmp deleted successfully.
C:\WINDOWS\System32\SET19D.tmp deleted successfully.
C:\WINDOWS\System32\SET19E.tmp deleted successfully.
C:\WINDOWS\System32\SET19F.tmp deleted successfully.
C:\WINDOWS\System32\SET1A5.tmp deleted successfully.
C:\WINDOWS\System32\SET1AA.tmp deleted successfully.
C:\WINDOWS\System32\SET1AB.tmp deleted successfully.
C:\WINDOWS\System32\SET1AF.tmp deleted successfully.
C:\WINDOWS\System32\SET1B0.tmp deleted successfully.
C:\WINDOWS\System32\SET1B2.tmp deleted successfully.
C:\WINDOWS\System32\SET1B3.tmp deleted successfully.
C:\WINDOWS\System32\SET1BA.tmp deleted successfully.
C:\WINDOWS\System32\SET1BB.tmp deleted successfully.
C:\WINDOWS\System32\SET1BE.tmp deleted successfully.
C:\WINDOWS\System32\SET1C1.tmp deleted successfully.
C:\WINDOWS\System32\SET1C2.tmp deleted successfully.
C:\WINDOWS\System32\SET1CB.tmp deleted successfully.
C:\WINDOWS\System32\SET1CC.tmp deleted successfully.
C:\WINDOWS\System32\SET1CF.tmp deleted successfully.
C:\WINDOWS\System32\SET1D2.tmp deleted successfully.
C:\WINDOWS\System32\SET1D3.tmp deleted successfully.
C:\WINDOWS\System32\SET1D4.tmp deleted successfully.
C:\WINDOWS\System32\SET1D5.tmp deleted successfully.
C:\WINDOWS\System32\SET1D6.tmp deleted successfully.
C:\WINDOWS\System32\SET1DA.tmp deleted successfully.
C:\WINDOWS\System32\SET1E6.tmp deleted successfully.
C:\WINDOWS\System32\SET1EB.tmp deleted successfully.
C:\WINDOWS\System32\SET1ED.tmp deleted successfully.
C:\WINDOWS\System32\SET1EF.tmp deleted successfully.
C:\WINDOWS\System32\SET1F0.tmp deleted successfully.
C:\WINDOWS\System32\SET1F1.tmp deleted successfully.
C:\WINDOWS\System32\SET1F4.tmp deleted successfully.
C:\WINDOWS\System32\SET1F5.tmp deleted successfully.
C:\WINDOWS\System32\SET1F9.tmp deleted successfully.
C:\WINDOWS\System32\SET1FA.tmp deleted successfully.
C:\WINDOWS\System32\SET1FD.tmp deleted successfully.
C:\WINDOWS\System32\SET1FE.tmp deleted successfully.
C:\WINDOWS\System32\SET1FF.tmp deleted successfully.
C:\WINDOWS\System32\SET205.tmp deleted successfully.
C:\WINDOWS\System32\SET206.tmp deleted successfully.
C:\WINDOWS\System32\SET207.tmp deleted successfully.
C:\WINDOWS\System32\SET20F.tmp deleted successfully.
C:\WINDOWS\System32\SET215.tmp deleted successfully.
C:\WINDOWS\System32\SET216.tmp deleted successfully.
C:\WINDOWS\System32\SET217.tmp deleted successfully.
C:\WINDOWS\System32\SET21A.tmp deleted successfully.
C:\WINDOWS\System32\SET21F.tmp deleted successfully.
C:\WINDOWS\System32\SET220.tmp deleted successfully.
C:\WINDOWS\System32\SET22C.tmp deleted successfully.
C:\WINDOWS\System32\SET22E.tmp deleted successfully.
C:\WINDOWS\System32\SET230.tmp deleted successfully.
C:\WINDOWS\System32\SET231.tmp deleted successfully.
C:\WINDOWS\System32\SET232.tmp deleted successfully.
C:\WINDOWS\System32\SET23D.tmp deleted successfully.
C:\WINDOWS\System32\SET23F.tmp deleted successfully.
C:\WINDOWS\System32\SET240.tmp deleted successfully.
C:\WINDOWS\System32\SET243.tmp deleted successfully.
C:\WINDOWS\System32\SET245.tmp deleted successfully.
C:\WINDOWS\System32\SET249.tmp deleted successfully.
C:\WINDOWS\System32\SET24E.tmp deleted successfully.
C:\WINDOWS\System32\SET252.tmp deleted successfully.
C:\WINDOWS\System32\SET258.tmp deleted successfully.
C:\WINDOWS\System32\SET25A.tmp deleted successfully.
C:\WINDOWS\System32\SET25B.tmp deleted successfully.
C:\WINDOWS\System32\SET25C.tmp deleted successfully.
C:\WINDOWS\System32\SET263.tmp deleted successfully.
C:\WINDOWS\System32\SET264.tmp deleted successfully.
C:\WINDOWS\System32\SET267.tmp deleted successfully.
C:\WINDOWS\System32\SET268.tmp deleted successfully.
C:\WINDOWS\System32\SET269.tmp deleted successfully.
C:\WINDOWS\System32\SET26A.tmp deleted successfully.
C:\WINDOWS\System32\SET26B.tmp deleted successfully.
C:\WINDOWS\System32\SET26D.tmp deleted successfully.
C:\WINDOWS\System32\SET26E.tmp deleted successfully.
C:\WINDOWS\System32\SET26F.tmp deleted successfully.
C:\WINDOWS\System32\SET271.tmp deleted successfully.
C:\WINDOWS\System32\SET272.tmp deleted successfully.
C:\WINDOWS\System32\SET273.tmp deleted successfully.
C:\WINDOWS\System32\SET276.tmp deleted successfully.
C:\WINDOWS\System32\SET279.tmp deleted successfully.
C:\WINDOWS\System32\SET27E.tmp deleted successfully.
C:\WINDOWS\System32\SET27F.tmp deleted successfully.
C:\WINDOWS\System32\SET280.tmp deleted successfully.
C:\WINDOWS\System32\SET285.tmp deleted successfully.
C:\WINDOWS\System32\SET286.tmp deleted successfully.
C:\WINDOWS\System32\SET287.tmp deleted successfully.
C:\WINDOWS\System32\SET289.tmp deleted successfully.
C:\WINDOWS\System32\SET28C.tmp deleted successfully.
C:\WINDOWS\System32\SET28E.tmp deleted successfully.
C:\WINDOWS\System32\SET28F.tmp deleted successfully.
C:\WINDOWS\System32\SET292.tmp deleted successfully.
C:\WINDOWS\System32\SET293.tmp deleted successfully.
C:\WINDOWS\System32\SET296.tmp deleted successfully.
C:\WINDOWS\System32\SET299.tmp deleted successfully.
C:\WINDOWS\System32\SET29A.tmp deleted successfully.
C:\WINDOWS\System32\SET29C.tmp deleted successfully.
C:\WINDOWS\System32\SET29D.tmp deleted successfully.
C:\WINDOWS\System32\SET2A1.tmp deleted successfully.
C:\WINDOWS\System32\SET2A3.tmp deleted successfully.
C:\WINDOWS\System32\SET2A6.tmp deleted successfully.
C:\WINDOWS\System32\SET2AB.tmp deleted successfully.
C:\WINDOWS\System32\SET2AC.tmp deleted successfully.
C:\WINDOWS\System32\SET2AD.tmp deleted successfully.
C:\WINDOWS\System32\SET2B0.tmp deleted successfully.
C:\WINDOWS\System32\SET2B1.tmp deleted successfully.
C:\WINDOWS\System32\SET2B9.tmp deleted successfully.
C:\WINDOWS\System32\SET2BA.tmp deleted successfully.
C:\WINDOWS\System32\SET2BC.tmp deleted successfully.
C:\WINDOWS\System32\SET2BD.tmp deleted successfully.
C:\WINDOWS\System32\SET2C3.tmp deleted successfully.
C:\WINDOWS\System32\SET2C5.tmp deleted successfully.
C:\WINDOWS\System32\SET2C6.tmp deleted successfully.
C:\WINDOWS\System32\SET2C7.tmp deleted successfully.
C:\WINDOWS\System32\SET2C8.tmp deleted successfully.
C:\WINDOWS\System32\SET2CA.tmp deleted successfully.
C:\WINDOWS\System32\SET2CC.tmp deleted successfully.
C:\WINDOWS\System32\SET2D0.tmp deleted successfully.
C:\WINDOWS\System32\SET2D4.tmp deleted successfully.
C:\WINDOWS\System32\SET2DE.tmp deleted successfully.
C:\WINDOWS\System32\SET2E0.tmp deleted successfully.
C:\WINDOWS\System32\SET2E1.tmp deleted successfully.
C:\WINDOWS\System32\SET2E2.tmp deleted successfully.
C:\WINDOWS\System32\SET2E4.tmp deleted successfully.
C:\WINDOWS\System32\SET2E6.tmp deleted successfully.
C:\WINDOWS\System32\SET2E7.tmp deleted successfully.
C:\WINDOWS\System32\SET2EB.tmp deleted successfully.
C:\WINDOWS\System32\SET2ED.tmp deleted successfully.
C:\WINDOWS\System32\SET2EE.tmp deleted successfully.
C:\WINDOWS\System32\SET2F5.tmp deleted successfully.
C:\WINDOWS\System32\SET303.tmp deleted successfully.
C:\WINDOWS\System32\SET304.tmp deleted successfully.
C:\WINDOWS\System32\SET305.tmp deleted successfully.
C:\WINDOWS\System32\SET308.tmp deleted successfully.
C:\WINDOWS\System32\SET310.tmp deleted successfully.
C:\WINDOWS\System32\SET317.tmp deleted successfully.
C:\WINDOWS\System32\SET319.tmp deleted successfully.
C:\WINDOWS\System32\SET320.tmp deleted successfully.
C:\WINDOWS\System32\SET322.tmp deleted successfully.
C:\WINDOWS\System32\SET330.tmp deleted successfully.
C:\WINDOWS\System32\SET335.tmp deleted successfully.
C:\WINDOWS\System32\SET339.tmp deleted successfully.
C:\WINDOWS\System32\SET33B.tmp deleted successfully.
C:\WINDOWS\System32\SET33D.tmp deleted successfully.
C:\WINDOWS\System32\SET344.tmp deleted successfully.
C:\WINDOWS\System32\SET349.tmp deleted successfully.
C:\WINDOWS\System32\SET35C.tmp deleted successfully.
C:\WINDOWS\System32\SET35F.tmp deleted successfully.
C:\WINDOWS\System32\SET365.tmp deleted successfully.
C:\WINDOWS\System32\SET367.tmp deleted successfully.
C:\WINDOWS\System32\SET368.tmp deleted successfully.
C:\WINDOWS\System32\SET36E.tmp deleted successfully.
C:\WINDOWS\System32\SET372.tmp deleted successfully.
C:\WINDOWS\System32\SET37B.tmp deleted successfully.
C:\WINDOWS\System32\SET380.tmp deleted successfully.
C:\WINDOWS\System32\SET382.tmp deleted successfully.
C:\WINDOWS\System32\SET383.tmp deleted successfully.
C:\WINDOWS\System32\SET384.tmp deleted successfully.
C:\WINDOWS\System32\SET38E.tmp deleted successfully.
C:\WINDOWS\System32\SET392.tmp deleted successfully.
C:\WINDOWS\System32\SET39D.tmp deleted successfully.
C:\WINDOWS\System32\SET3AD.tmp deleted successfully.
C:\WINDOWS\System32\SET3AE.tmp deleted successfully.
C:\WINDOWS\System32\SET3B3.tmp deleted successfully.
C:\WINDOWS\System32\SET3D8.tmp deleted successfully.
C:\WINDOWS\System32\SET3DA.tmp deleted successfully.
C:\WINDOWS\System32\SET3E1.tmp deleted successfully.
C:\WINDOWS\System32\SET3E2.tmp deleted successfully.
C:\WINDOWS\System32\SET3E3.tmp deleted successfully.
C:\WINDOWS\System32\SET3E5.tmp deleted successfully.
C:\WINDOWS\System32\SET3E6.tmp deleted successfully.
C:\WINDOWS\System32\SET3E7.tmp deleted successfully.
C:\WINDOWS\System32\SET3E8.tmp deleted successfully.
C:\WINDOWS\System32\SET3EA.tmp deleted successfully.
C:\WINDOWS\System32\SET3EC.tmp deleted successfully.
C:\WINDOWS\System32\SET3ED.tmp deleted successfully.
C:\WINDOWS\System32\SET3EF.tmp deleted successfully.
C:\WINDOWS\System32\SET3F2.tmp deleted successfully.
C:\WINDOWS\System32\SET3F4.tmp deleted successfully.
C:\WINDOWS\System32\SET3F9.tmp deleted successfully.
C:\WINDOWS\System32\SET3FA.tmp deleted successfully.
C:\WINDOWS\System32\SET402.tmp deleted successfully.
C:\WINDOWS\System32\SET409.tmp deleted successfully.
C:\WINDOWS\System32\SET40E.tmp deleted successfully.
C:\WINDOWS\System32\SET411.tmp deleted successfully.
C:\WINDOWS\System32\SET414.tmp deleted successfully.
C:\WINDOWS\System32\SET416.tmp deleted successfully.
C:\WINDOWS\System32\SET41A.tmp deleted successfully.
C:\WINDOWS\System32\SET41C.tmp deleted successfully.
C:\WINDOWS\System32\SET41D.tmp deleted successfully.
C:\WINDOWS\System32\SET41E.tmp deleted successfully.
C:\WINDOWS\System32\SET421.tmp deleted successfully.
C:\WINDOWS\System32\SET422.tmp deleted successfully.
C:\WINDOWS\System32\SET426.tmp deleted successfully.
C:\WINDOWS\System32\SET427.tmp deleted successfully.
C:\WINDOWS\System32\SET42C.tmp deleted successfully.
C:\WINDOWS\System32\SET431.tmp deleted successfully.
C:\WINDOWS\System32\SET434.tmp deleted successfully.
C:\WINDOWS\System32\SET436.tmp deleted successfully.
C:\WINDOWS\System32\SET439.tmp deleted successfully.
C:\WINDOWS\System32\SET43A.tmp deleted successfully.
C:\WINDOWS\System32\SET43E.tmp deleted successfully.
C:\WINDOWS\System32\SET575.tmp deleted successfully.
C:\WINDOWS\System32\SET576.tmp deleted successfully.
C:\WINDOWS\System32\SET578.tmp deleted successfully.
C:\WINDOWS\System32\SET57A.tmp deleted successfully.
C:\WINDOWS\System32\SET57B.tmp deleted successfully.
C:\WINDOWS\System32\SET57C.tmp deleted successfully.
C:\WINDOWS\System32\SET583.tmp deleted successfully.
C:\WINDOWS\System32\SET584.tmp deleted successfully.
C:\WINDOWS\System32\SET587.tmp deleted successfully.
C:\WINDOWS\System32\SET58C.tmp deleted successfully.
C:\WINDOWS\System32\SET58D.tmp deleted successfully.
C:\WINDOWS\System32\SET58E.tmp deleted successfully.
C:\WINDOWS\System32\SET590.tmp deleted successfully.
C:\WINDOWS\System32\SET591.tmp deleted successfully.
C:\WINDOWS\System32\SET592.tmp deleted successfully.
C:\WINDOWS\System32\SET593.tmp deleted successfully.
C:\WINDOWS\System32\SET594.tmp deleted successfully.
C:\WINDOWS\System32\SET596.tmp deleted successfully.
C:\WINDOWS\System32\SET597.tmp deleted successfully.
C:\WINDOWS\System32\SET598.tmp deleted successfully.
C:\WINDOWS\System32\SET599.tmp deleted successfully.
C:\WINDOWS\System32\SET59C.tmp deleted successfully.
C:\WINDOWS\System32\SET59E.tmp deleted successfully.
C:\WINDOWS\System32\SET5A3.tmp deleted successfully.
C:\WINDOWS\System32\SET5A4.tmp deleted successfully.
C:\WINDOWS\System32\SET5A5.tmp deleted successfully.
C:\WINDOWS\System32\SET5A6.tmp deleted successfully.
C:\WINDOWS\System32\SET5A8.tmp deleted successfully.
C:\WINDOWS\System32\SET5A9.tmp deleted successfully.
C:\WINDOWS\System32\SET5AB.tmp deleted successfully.
C:\WINDOWS\System32\SET5AC.tmp deleted successfully.
C:\WINDOWS\System32\SET5AF.tmp deleted successfully.
C:\WINDOWS\System32\SET5B3.tmp deleted successfully.
C:\WINDOWS\System32\SET5B6.tmp deleted successfully.
C:\WINDOWS\System32\SET5B7.tmp deleted successfully.
C:\WINDOWS\System32\SET5B9.tmp deleted successfully.
C:\WINDOWS\System32\SET5BA.tmp deleted successfully.
C:\WINDOWS\System32\SET5BB.tmp deleted successfully.
C:\WINDOWS\System32\SET5C0.tmp deleted successfully.
C:\WINDOWS\System32\SET5C1.tmp deleted successfully.
C:\WINDOWS\System32\SET5C2.tmp deleted successfully.
C:\WINDOWS\System32\SET5C3.tmp deleted successfully.
C:\WINDOWS\System32\SET5C4.tmp deleted successfully.
C:\WINDOWS\System32\SET5CA.tmp deleted successfully.
C:\WINDOWS\System32\SET5CF.tmp deleted successfully.
C:\WINDOWS\System32\SET5D0.tmp deleted successfully.
C:\WINDOWS\System32\SET5D4.tmp deleted successfully.
C:\WINDOWS\System32\SET5D5.tmp deleted successfully.
C:\WINDOWS\System32\SET5D7.tmp deleted successfully.
C:\WINDOWS\System32\SET5D8.tmp deleted successfully.
C:\WINDOWS\System32\SET5DF.tmp deleted successfully.
C:\WINDOWS\System32\SET5E0.tmp deleted successfully.
C:\WINDOWS\System32\SET5E3.tmp deleted successfully.
C:\WINDOWS\System32\SET5E6.tmp deleted successfully.
C:\WINDOWS\System32\SET5E7.tmp deleted successfully.
C:\WINDOWS\System32\SET5F0.tmp deleted successfully.
C:\WINDOWS\System32\SET5F1.tmp deleted successfully.
C:\WINDOWS\System32\SET5F4.tmp deleted successfully.
C:\WINDOWS\System32\SET5F6.tmp deleted successfully.
C:\WINDOWS\System32\SET5F7.tmp deleted successfully.
C:\WINDOWS\System32\SET5F8.tmp deleted successfully.
C:\WINDOWS\System32\SET5F9.tmp deleted successfully.
C:\WINDOWS\System32\SET5FA.tmp deleted successfully.
C:\WINDOWS\System32\SET5FB.tmp deleted successfully.
C:\WINDOWS\System32\SET5FF.tmp deleted successfully.
C:\WINDOWS\System32\SET60B.tmp deleted successfully.
C:\WINDOWS\System32\SET610.tmp deleted successfully.
C:\WINDOWS\System32\SET612.tmp deleted successfully.
C:\WINDOWS\System32\SET614.tmp deleted successfully.
C:\WINDOWS\System32\SET615.tmp deleted successfully.
C:\WINDOWS\System32\SET616.tmp deleted successfully.
C:\WINDOWS\System32\SET617.tmp deleted successfully.
C:\WINDOWS\System32\SET619.tmp deleted successfully.
C:\WINDOWS\System32\SET61A.tmp deleted successfully.
C:\WINDOWS\System32\SET61E.tmp deleted successfully.
C:\WINDOWS\System32\SET61F.tmp deleted successfully.
C:\WINDOWS\System32\SET622.tmp deleted successfully.
C:\WINDOWS\System32\SET623.tmp deleted successfully.
C:\WINDOWS\System32\SET624.tmp deleted successfully.
C:\WINDOWS\System32\SET62A.tmp deleted successfully.
C:\WINDOWS\System32\SET62B.tmp deleted successfully.
C:\WINDOWS\System32\SET62C.tmp deleted successfully.
C:\WINDOWS\System32\SET634.tmp deleted successfully.
C:\WINDOWS\System32\SET63A.tmp deleted successfully.
C:\WINDOWS\System32\SET63B.tmp deleted successfully.
C:\WINDOWS\System32\SET63C.tmp deleted successfully.
C:\WINDOWS\System32\SET63D.tmp deleted successfully.
C:\WINDOWS\System32\SET63F.tmp deleted successfully.
C:\WINDOWS\System32\SET644.tmp deleted successfully.
C:\WINDOWS\System32\SET645.tmp deleted successfully.
C:\WINDOWS\System32\SET651.tmp deleted successfully.
C:\WINDOWS\System32\SET652.tmp deleted successfully.
C:\WINDOWS\System32\SET653.tmp deleted successfully.
C:\WINDOWS\System32\SET655.tmp deleted successfully.
C:\WINDOWS\System32\SET656.tmp deleted successfully.
C:\WINDOWS\System32\SET657.tmp deleted successfully.
C:\WINDOWS\System32\SET65C.tmp deleted successfully.
C:\WINDOWS\System32\SET662.tmp deleted successfully.
C:\WINDOWS\System32\SET664.tmp deleted successfully.
C:\WINDOWS\System32\SET665.tmp deleted successfully.
C:\WINDOWS\System32\SET668.tmp deleted successfully.
C:\WINDOWS\System32\SET66A.tmp deleted successfully.
C:\WINDOWS\System32\SET66E.tmp deleted successfully.
C:\WINDOWS\System32\SET673.tmp deleted successfully.
C:\WINDOWS\System32\SET677.tmp deleted successfully.
C:\WINDOWS\System32\SET67D.tmp deleted successfully.
C:\WINDOWS\System32\SET67F.tmp deleted successfully.
C:\WINDOWS\System32\SET680.tmp deleted successfully.
C:\WINDOWS\System32\SET681.tmp deleted successfully.
C:\WINDOWS\System32\SET688.tmp deleted successfully.
C:\WINDOWS\System32\SET689.tmp deleted successfully.
C:\WINDOWS\System32\SET68C.tmp deleted successfully.
C:\WINDOWS\System32\SET68D.tmp deleted successfully.
C:\WINDOWS\System32\SET68E.tmp deleted successfully.
C:\WINDOWS\System32\SET68F.tmp deleted successfully.
C:\WINDOWS\System32\SET690.tmp deleted successfully.
C:\WINDOWS\System32\SET692.tmp deleted successfully.
C:\WINDOWS\System32\SET693.tmp deleted successfully.
C:\WINDOWS\System32\SET694.tmp deleted successfully.
C:\WINDOWS\System32\SET696.tmp deleted successfully.
C:\WINDOWS\System32\SET697.tmp deleted successfully.
C:\WINDOWS\System32\SET698.tmp deleted successfully.
C:\WINDOWS\System32\SET69B.tmp deleted successfully.
C:\WINDOWS\System32\SET69E.tmp deleted successfully.
C:\WINDOWS\System32\SET6A3.tmp deleted successfully.
C:\WINDOWS\System32\SET6A4.tmp deleted successfully.
C:\WINDOWS\System32\SET6A5.tmp deleted successfully.
C:\WINDOWS\System32\SET6AA.tmp deleted successfully.
C:\WINDOWS\System32\SET6AB.tmp deleted successfully.
C:\WINDOWS\System32\SET6AC.tmp deleted successfully.
C:\WINDOWS\System32\SET6AE.tmp deleted successfully.
C:\WINDOWS\System32\SET6B1.tmp deleted successfully.
C:\WINDOWS\System32\SET6B3.tmp deleted successfully.
C:\WINDOWS\System32\SET6B4.tmp deleted successfully.
C:\WINDOWS\System32\SET6B7.tmp deleted successfully.
C:\WINDOWS\System32\SET6B8.tmp deleted successfully.
C:\WINDOWS\System32\SET6BB.tmp deleted successfully.
C:\WINDOWS\System32\SET6BE.tmp deleted successfully.
C:\WINDOWS\System32\SET6BF.tmp deleted successfully.
C:\WINDOWS\System32\SET6C2.tmp deleted successfully.
C:\WINDOWS\System32\SET6C6.tmp deleted successfully.
C:\WINDOWS\System32\SET6C8.tmp deleted successfully.
C:\WINDOWS\System32\SET6CB.tmp deleted successfully.
C:\WINDOWS\System32\SET6D1.tmp deleted successfully.
C:\WINDOWS\System32\SET6D2.tmp deleted successfully.
C:\WINDOWS\System32\SET6D5.tmp deleted successfully.
C:\WINDOWS\System32\SET6D6.tmp deleted successfully.
C:\WINDOWS\System32\SET6DE.tmp deleted successfully.
C:\WINDOWS\System32\SET6DF.tmp deleted successfully.
C:\WINDOWS\System32\SET6E1.tmp deleted successfully.
C:\WINDOWS\System32\SET6E2.tmp deleted successfully.
C:\WINDOWS\System32\SET6E8.tmp deleted successfully.
C:\WINDOWS\System32\SET6E9.tmp deleted successfully.
C:\WINDOWS\System32\SET6EA.tmp deleted successfully.
C:\WINDOWS\System32\SET6EB.tmp deleted successfully.
C:\WINDOWS\System32\SET6EC.tmp deleted successfully.
C:\WINDOWS\System32\SET6ED.tmp deleted successfully.
C:\WINDOWS\System32\SET6EF.tmp deleted successfully.
C:\WINDOWS\System32\SET6F1.tmp deleted successfully.
C:\WINDOWS\System32\SET6F3.tmp deleted successfully.
C:\WINDOWS\System32\SET6F4.tmp deleted successfully.
C:\WINDOWS\System32\SET6F5.tmp deleted successfully.
C:\WINDOWS\System32\SET6F9.tmp deleted successfully.
C:\WINDOWS\System32\SET703.tmp deleted successfully.
C:\WINDOWS\System32\SET705.tmp deleted successfully.
C:\WINDOWS\System32\SET706.tmp deleted successfully.
C:\WINDOWS\System32\SET707.tmp deleted successfully.
C:\WINDOWS\System32\SET709.tmp deleted successfully.
C:\WINDOWS\System32\SET70B.tmp deleted successfully.
C:\WINDOWS\System32\SET710.tmp deleted successfully.
C:\WINDOWS\System32\SET712.tmp deleted successfully.
C:\WINDOWS\System32\SET713.tmp deleted successfully.
C:\WINDOWS\System32\SET71A.tmp deleted successfully.
C:\WINDOWS\System32\SET725.tmp deleted successfully.
C:\WINDOWS\System32\SET728.tmp deleted successfully.
C:\WINDOWS\System32\SET729.tmp deleted successfully.
C:\WINDOWS\System32\SET72A.tmp deleted successfully.
C:\WINDOWS\System32\SET72D.tmp deleted successfully.
C:\WINDOWS\System32\SET735.tmp deleted successfully.
C:\WINDOWS\System32\SET73C.tmp deleted successfully.
C:\WINDOWS\System32\SET73E.tmp deleted successfully.
C:\WINDOWS\System32\SET745.tmp deleted successfully.
C:\WINDOWS\System32\SET747.tmp deleted successfully.
C:\WINDOWS\System32\SET74B.tmp deleted successfully.
C:\WINDOWS\System32\SET755.tmp deleted successfully.
C:\WINDOWS\System32\SET75A.tmp deleted successfully.
C:\WINDOWS\System32\SET75E.tmp deleted successfully.
C:\WINDOWS\System32\SET760.tmp deleted successfully.
C:\WINDOWS\System32\SET762.tmp deleted successfully.
C:\WINDOWS\System32\SET769.tmp deleted successfully.
C:\WINDOWS\System32\SET76A.tmp deleted successfully.
C:\WINDOWS\System32\SET76E.tmp deleted successfully.
C:\WINDOWS\System32\SET779.tmp deleted successfully.
C:\WINDOWS\System32\SET781.tmp deleted successfully.
C:\WINDOWS\System32\SET784.tmp deleted successfully.
C:\WINDOWS\System32\SET78A.tmp deleted successfully.
C:\WINDOWS\System32\SET78C.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 123 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Joel
->Temp folder emptied: 47514235 bytes
->Temporary Internet Files folder emptied: 10128219 bytes

User: JoelC
->Temp folder emptied: 123148161 bytes
->Temporary Internet Files folder emptied: 12517830 bytes
->Java cache emptied: 128020 bytes
->FireFox cache emptied: 106065252 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 31570225 bytes

User: NetworkService
->Temp folder emptied: 881316 bytes
->Temporary Internet Files folder emptied: 531498 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 63397721 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23942902 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3281962 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 403.63 mb


OTL by OldTimer - Version 3.1.16.0 log created on 12132009_085532

Files\Folders moved on Reboot...
C:\WINDOWS\temp\fla6.tmp moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\70JTMGXL\controller[1] moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\70JTMGXL\controller[2] moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\70JTMGXL\join[1].php moved successfully.

Registry entries deleted on Reboot...



Host Name: WALDORF
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Member Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Joel
Registered Organization:
Product ID: 76487-OEM-0011903-00107
Original Install Date: 6/29/2007, 5:28:43 AM
System Up Time: 21350398 Days, 5 Hours, 32 Minutes, 24 Seconds
System Manufacturer: LENOVO
System Model: 739355U
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 15 Model 6 Stepping 5 GenuineIntel ~2992 Mhz
BIOS Version: LENOVO - 44
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-10:00) Hawaii
Total Physical Memory: 2,038 MB
Available Physical Memory: 1,204 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 1,997 MB
Virtual Memory: In Use: 51 MB
Page File Location(s): C:\pagefile.sys
Domain: uhp.local
Logon Server: \\UHP-EWEB
Hotfix(s): 192 Hotfix(s) Installed.
NetWork Card(s): 1 NIC(s) Installed.
[01]: Broadcom NetLink ™ Gigabit Ethernet
Connection Name: Local Area Connection
DHCP Enabled: No
IP address(es)
[01]: 128.171.187.21
10:49:19:62 5464 ForceUnloadDriver: NtUnloadDriver error 2
10:49:19:187 5464 ForceUnloadDriver: NtUnloadDriver error 2
10:49:19:296 5464 ForceUnloadDriver: NtUnloadDriver error 2
10:49:19:500 5464 main: Driver KLMD successfully dropped
10:49:19:515 5464 main: Driver KLMD successfully loaded
10:49:19:515 5464
Scanning Registry ...
10:49:19:562 5464 ScanServices: Searching service UACd.sys
10:49:19:562 5464 ScanServices: Open/Create key error 2
10:49:19:562 5464 ScanServices: Searching service TDSSserv.sys
10:49:19:562 5464 ScanServices: Open/Create key error 2
10:49:19:562 5464 ScanServices: Searching service gaopdxserv.sys
10:49:19:562 5464 ScanServices: Open/Create key error 2
10:49:19:562 5464 ScanServices: Searching service gxvxcserv.sys
10:49:19:562 5464 ScanServices: Open/Create key error 2
10:49:19:562 5464 ScanServices: Searching service MSIVXserv.sys
10:49:19:562 5464 ScanServices: Open/Create key error 2
10:49:19:562 5464 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
10:49:19:625 5464 UnhookRegistry: Kernel local addr: C40000
10:49:19:625 5464 UnhookRegistry: KeServiceDescriptorTable addr: CC5700
10:49:19:656 5464 UnhookRegistry: KiServiceTable addr: C6D460
10:49:19:656 5464 UnhookRegistry: NtEnumerateKey service number (local): 47
10:49:19:656 5464 UnhookRegistry: NtEnumerateKey local addr: D8CFF2
10:49:19:656 5464 KLMD_OpenDevice: Trying to open KLMD device
10:49:19:656 5464 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
10:49:19:656 5464 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
10:49:19:656 5464 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
10:49:19:656 5464 UnhookRegistry: NtEnumerateKey service number (kernel): 47
10:49:19:656 5464 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
10:49:19:656 5464 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
10:49:19:656 5464 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
10:49:19:656 5464 UnhookRegistry: No SDT hooks found on NtEnumerateKey
10:49:19:656 5464 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
10:49:19:656 5464 UnhookRegistry: No splicing found on NtEnumerateKey
10:49:19:656 5464
Scanning Kernel memory ...
10:49:19:656 5464 KLMD_OpenDevice: Trying to open KLMD device
10:49:19:656 5464 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
10:49:19:656 5464 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
10:49:19:656 5464 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A62CA08
10:49:19:656 5464 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
10:49:19:656 5464 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A633030
10:49:19:656 5464 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A633030
10:49:19:656 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A633030[0x38]
10:49:19:656 5464 DetectCureTDL3: DRIVER_OBJECT addr: 8A62CA08
10:49:19:656 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A62CA08[0xA8]
10:49:19:656 5464 KLMD_ReadMem: Trying to ReadMemory 0xE1684A18[0x208]
10:49:19:656 5464 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:49:19:656 5464 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
10:49:19:656 5464 DetectCureTDL3: IrpHandler (1) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
10:49:19:656 5464 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
10:49:19:656 5464 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
10:49:19:656 5464 DetectCureTDL3: IrpHandler (5) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (6) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (7) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (8) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
10:49:19:656 5464 DetectCureTDL3: IrpHandler (10) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (11) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (12) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (13) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
10:49:19:656 5464 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
10:49:19:656 5464 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
10:49:19:656 5464 DetectCureTDL3: IrpHandler (17) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (18) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (19) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (20) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (21) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
10:49:19:656 5464 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
10:49:19:656 5464 DetectCureTDL3: IrpHandler (24) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (25) addr: 804F4562
10:49:19:656 5464 DetectCureTDL3: IrpHandler (26) addr: 804F4562
10:49:19:656 5464 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:49:19:656 5464 KLMD_ReadMem: DeviceIoControl error 1
10:49:19:656 5464 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:49:19:656 5464 TDL3_FileDetect: Processing driver: Disk
10:49:19:656 5464 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:49:19:656 5464 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:49:19:656 5464 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:49:19:687 5464 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A627C68
10:49:19:687 5464 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A627C68
10:49:19:687 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A627C68[0x38]
10:49:19:687 5464 DetectCureTDL3: DRIVER_OBJECT addr: 8A62CA08
10:49:19:687 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A62CA08[0xA8]
10:49:19:687 5464 KLMD_ReadMem: Trying to ReadMemory 0xE1684A18[0x208]
10:49:19:687 5464 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:49:19:687 5464 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
10:49:19:687 5464 DetectCureTDL3: IrpHandler (1) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
10:49:19:687 5464 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
10:49:19:687 5464 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
10:49:19:687 5464 DetectCureTDL3: IrpHandler (5) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (6) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (7) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (8) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
10:49:19:687 5464 DetectCureTDL3: IrpHandler (10) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (11) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (12) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (13) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
10:49:19:687 5464 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
10:49:19:687 5464 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
10:49:19:687 5464 DetectCureTDL3: IrpHandler (17) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (18) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (19) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (20) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (21) addr: 804F4562
10:49:19:687 5464 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
10:49:19:703 5464 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
10:49:19:703 5464 DetectCureTDL3: IrpHandler (24) addr: 804F4562
10:49:19:703 5464 DetectCureTDL3: IrpHandler (25) addr: 804F4562
10:49:19:703 5464 DetectCureTDL3: IrpHandler (26) addr: 804F4562
10:49:19:703 5464 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:49:19:703 5464 KLMD_ReadMem: DeviceIoControl error 1
10:49:19:703 5464 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:49:19:703 5464 TDL3_FileDetect: Processing driver: Disk
10:49:19:703 5464 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\tsk_disk.sys, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\tsk_disk.sys
10:49:19:703 5464 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:49:19:703 5464 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:49:19:750 5464 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A622AB8
10:49:19:750 5464 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A622AB8
10:49:19:750 5464 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A626E98
10:49:19:750 5464 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A626E98
10:49:19:750 5464 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A625940
10:49:19:750 5464 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A625940
10:49:19:750 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A625940[0x38]
10:49:19:750 5464 DetectCureTDL3: DRIVER_OBJECT addr: 8A5B12C8
10:49:19:750 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A5B12C8[0xA8]
10:49:19:750 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A626030[0x38]
10:49:19:750 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A627B30[0xA8]
10:49:19:750 5464 KLMD_ReadMem: Trying to ReadMemory 0xE10239D0[0x208]
10:49:19:750 5464 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
10:49:19:750 5464 DetectCureTDL3: IrpHandler (0) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (1) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (2) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (3) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (4) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (5) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (6) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (7) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (8) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (9) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (10) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (11) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (12) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (13) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (14) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (15) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (16) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (17) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (18) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (19) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (20) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (21) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (22) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (23) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (24) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (25) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: IrpHandler (26) addr: 8A5D7618
10:49:19:750 5464 DetectCureTDL3: All IRP handlers pointed to one addr: 8A5D7618
10:49:19:750 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A5D7618[0x400]
10:49:19:750 5464 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
10:49:19:750 5464 Driver "atapi" Irp handler infected by TDSS rootkit ... 10:49:19:750 5464 KLMD_WriteMem: Trying to WriteMemory 0x8A5D767D[0xD]
10:49:19:750 5464 cured
10:49:19:750 5464 KLMD_ReadMem: Trying to ReadMemory 0x8A5D74BF[0x400]
10:49:19:750 5464 TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 1
10:49:19:750 5464 Driver "atapi" StartIo handler infected by TDSS rootkit ... 10:49:19:750 5464 TDL3_StartIoHookCure: Number of patches 1
10:49:19:750 5464 KLMD_WriteMem: Trying to WriteMemory 0x8A5D75B6[0x6]
10:49:19:750 5464 cured
10:49:19:750 5464 TDL3_FileDetect: Processing driver: atapi
10:49:19:750 5464 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
10:49:19:750 5464 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
10:49:19:750 5464 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
10:49:19:765 5464 File C:\WINDOWS\system32\drivers\atapi.sys infected by TDSS rootkit ... 10:49:19:765 5464 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
10:49:19:765 5464 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
10:49:19:765 5464 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\Drivers\tsk_atapi.sys
10:49:20:78 5464 TDL3_FileCure: Image path (system32\Drivers\tsk_atapi.sys) was set for service (SYSTEM\CurrentControlSet\Services\atapi)
10:49:20:78 5464 TDL3_FileCure: KLMD_PendCopyFileW (C:\WINDOWS\system32\Drivers\tsk_atapi.sys, C:\WINDOWS\system32\drivers\atapi.sys) success
10:49:20:78 5464 will be cured on next reboot
10:49:20:93 5464
Completed

Results:
10:49:20:93 5464 Infected objects in memory: 2
10:49:20:93 5464 Cured objects in memory: 2
10:49:20:93 5464 Infected objects on disk: 1
10:49:20:93 5464 Objects on disk cured on reboot: 1
10:49:20:93 5464 Objects on disk deleted on reboot: 0
10:49:20:93 5464 Registry nodes deleted on reboot: 0
10:49:20:93 5464

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:57 PM

Posted 14 December 2009 - 07:30 AM

Make sure you reboot and then let me know how your computer is behaving.
Any more redirections?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 mrlucky808

mrlucky808
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:57 PM

Posted 14 December 2009 - 11:34 AM

No redirects!!! Thank you so much! Is there anything else I should do?

If not, I'll figure out how to make a donation. You are awesome!

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:57 PM

Posted 14 December 2009 - 08:39 PM

:(

Just a little cleaning up and then I'll post some recommendations for you.

It's time to clean up.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :)


========================================================

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:57 PM

Posted 26 December 2009 - 08:20 PM

Now that your problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.


========================================================



