Trojan-rootkit/GEN Trojan.Agent/GEN-Alureon


  • This topic is locked
10 replies to this topic

#1 northview

  • Members
  • 7 posts

Posted 25 January 2010 - 10:48 PM

Good evening. I have scanned my computer with Malwarebytes, SUPERAntiSpyware and Microsoft Security Essentials. I have used ComboFix (that wiped my PC out); thanks to you guys I was able to get it back. I still cannot get rid of this Trojan-rootkit/GEN Trojan.Agent/GEN-Alureon. Please assist. Here are the DDS logs requested.


DDS (Ver_09-12-01.01) - NTFSx86
Run by lorrie at 21:59:20.82 on Mon 01/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.396 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\DSpro\Programs\ERIElink.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lorrie\Local Settings\Temporary Internet Files\Content.IE5\KUF5FZLS\dds[1].scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.focusonthefamily.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ERIElink] c:\dspro\programs\ERIElink.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [x3watch] c:\program files\x3watch\x3watch.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://66.21.89.241/controls/LTOCX14N.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alexanderrod.com/view/tiffx.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218155068512
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://66.21.89.241/controls/prntpro2.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} - hxxp://ddrint13.gmacinsurance.com/ddrint/work/iedpwenu.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {C3A256DC-9033-41EE-86D8-483A1B4C928A} = 192.168.76.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
S0 dbynnngc;dbynnngc;c:\windows\system32\drivers\dwjhgs.sys --> c:\windows\system32\drivers\dwjhgs.sys [?]
S0 smpsv;smpsv;c:\windows\system32\drivers\glcbrhq.sys --> c:\windows\system32\drivers\glcbrhq.sys [?]
S0 yjfu;yjfu;c:\windows\system32\drivers\grbidc.sys --> c:\windows\system32\drivers\grbidc.sys [?]
S1 RawIp;RawIp;c:\windows\system32\drivers\RawIp.sys [2010-1-21 0]
S1 zxbnelrw;zxbnelrw;\??\c:\windows\system32\drivers\zxbnelrw.sys --> c:\windows\system32\drivers\zxbnelrw.sys [?]
S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2006-12-29 24576]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
UnknownUnknown 78q8H64;78q8H64; [x]

=============== Created Last 30 ================

2010-01-25 17:33:46 0 d-s---w- C:\ComboFix
2010-01-25 15:05:08 0 d-----w- c:\docume~1\lorrie\applic~1\x3watch
2010-01-25 01:24:18 0 d-----w- c:\documents and settings\lorrie\viewone
2010-01-25 01:24:18 0 d-----w- c:\documents and settings\lorrie\UserData
2010-01-25 01:24:15 0 d-sh--w- c:\documents and settings\lorrie\PrivacIE
2010-01-25 01:24:15 0 d-----w- c:\documents and settings\lorrie\OkiData
2010-01-25 01:23:22 0 d-----w- c:\documents and settings\lorrie\jwalk_cache
2010-01-25 01:23:14 0 d-----w- c:\docume~1\lorrie\applic~1\SUPERAntiSpyware.com
2010-01-25 01:23:11 0 d-----w- c:\docume~1\lorrie\applic~1\Malwarebytes
2010-01-25 01:22:03 0 d-----w- c:\documents and settings\all users\DRM
2010-01-25 01:22:02 0 d-----w- c:\docume~1\alluse~1\applic~1\x3watch
2010-01-25 01:21:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-01-25 01:21:47 0 d-----w- c:\docume~1\alluse~1\applic~1\SBSI
2010-01-25 01:21:47 0 d-----w- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2010-01-25 01:21:41 643 ----a-w- c:\docume~1\alluse~1\applic~1\h8srtkrl32mainweq.dll
2010-01-25 01:21:41 16324 ----a-w- c:\docume~1\alluse~1\applic~1\h8srtmainqt.dll
2010-01-25 01:21:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 01:21:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications
2010-01-25 00:19:32 73 ----a-w- C:\rec.bat
2010-01-24 22:53:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-24 22:53:05 0 d-----w- c:\docume~1\lorrie\applic~1\Windows Desktop Search
2010-01-24 22:45:52 0 d-sh--w- c:\documents and settings\lorrie\IECompatCache
2010-01-24 22:45:19 0 d-sh--w- c:\documents and settings\lorrie\IETldCache
2010-01-24 22:42:25 278 --sh--w- c:\documents and settings\lorrie\ntuser.ini
2010-01-24 21:55:03 0 d-sha-r- C:\cmdcons
2010-01-24 21:44:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-23 00:58:57 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-22 22:42:38 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-22 22:36:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-22 22:29:11 98816 ----a-w- c:\windows\sed.exe
2010-01-22 22:29:11 77312 ----a-w- c:\windows\MBR.exe
2010-01-22 22:29:11 261632 ----a-w- c:\windows\PEV.exe
2010-01-22 22:29:11 161792 ----a-w- c:\windows\SWREG.exe
2010-01-22 21:49:29 0 d-----w- c:\program files\Trend Micro
2010-01-22 21:48:38 0 d-----w- C:\32788R22FWJFW.1.tmp
2010-01-22 11:44:20 0 d-----w- C:\92e2ab15b50052a5883514
2010-01-22 11:30:28 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-22 01:35:51 0 d-----w- C:\d32a907e819103c8524615ba
2010-01-21 21:54:50 0 d-----w- c:\windows\pss
2010-01-21 21:53:04 0 ----a-w- c:\windows\system32\drivers\RawIp.sys
2010-01-19 22:36:02 9034488 ----a-w- C:\mssefullinstall-x86fre-en-us-xp.exe
2010-01-19 20:26:52 85 ----a-w- C:\DSpro.ini
2010-01-13 07:49:47 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-11-09 13:11:50 20048 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-08-08 00:05:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

============= FINISH: 22:00:00.12 ===============

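The SERVICES / DRIVERS block of a DDS log is where a helper looks first on a suspected Alureon case: boot-start (S0) and system-start (S1) drivers load before anti-malware filter drivers, and DDS marks an entry whose image file it cannot find with " --> path [?]" and an unresolvable service with "[x]". The script below is an added example, not part of the original post and not DDS itself: it parses that block (the sample input is the block copied from the log above) and lists entries a triager would want to inspect, namely missing or zero-byte image files and boot/system-start services whose service name does not match their file name. The heuristics and flag wording are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the SERVICES / DRIVERS block copied from the DDS log above.
SAMPLE_LOG = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
S0 dbynnngc;dbynnngc;c:\windows\system32\drivers\dwjhgs.sys --> c:\windows\system32\drivers\dwjhgs.sys [?]
S0 smpsv;smpsv;c:\windows\system32\drivers\glcbrhq.sys --> c:\windows\system32\drivers\glcbrhq.sys [?]
S1 RawIp;RawIp;c:\windows\system32\drivers\RawIp.sys [2010-1-21 0]
S1 zxbnelrw;zxbnelrw;\??\c:\windows\system32\drivers\zxbnelrw.sys --> c:\windows\system32\drivers\zxbnelrw.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
UnknownUnknown 78q8H64;78q8H64; [x]
"""

# <R|S><start type> <name>;<display name>;<image path>[ --> <resolved path>] [<date size> | ? | x]
LINE_RE = re.compile(r"^(?P<start>\S+)\s+(?P<body>.*)\s\[(?P<meta>[^\]]*)\]$")


@dataclass
class Entry:
    start: str                # "R1", "S0", ... (R = running, S = stopped; digit = start type)
    name: str                 # service key name
    display: str              # display name
    path: str                 # image path as recorded in the registry
    resolved: Optional[str]   # path DDS tried on disk when it printed " --> "
    meta: str                 # "<date> <size>", "?" (file not found) or "x" (unresolved)
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS service/driver line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    start, body, meta = m.group("start", "body", "meta")
    name, display, path = (body.split(";", 2) + ["", ""])[:3]
    resolved = None
    if " --> " in path:
        path, resolved = path.split(" --> ", 1)
    return Entry(start, name, display, path.strip(), resolved, meta)


def triage(entry: Entry) -> Entry:
    """Attach heuristic flags (this example's own rules); a clean result is not proof of a clean driver."""
    if entry.meta == "?":
        entry.flags.append("image file not found on disk")
    elif entry.meta == "x":
        entry.flags.append("service with no resolvable image path")
    else:
        fields = entry.meta.split()
        if len(fields) == 2 and fields[1] == "0":
            entry.flags.append("zero-byte driver file")
    start_type = entry.start[1] if len(entry.start) == 2 and entry.start[0] in "RS" else None
    file_stem = (entry.resolved or entry.path).rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if start_type in ("0", "1") and file_stem and file_stem != entry.name.lower():
        entry.flags.append("boot/system-start driver whose service name does not match its file name")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return only the entries that picked up at least one flag, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.start:>14} {e.name:<12} {e.resolved or e.path or '(no path)'}")
        for f in e.flags:
            print(f"{'':>14}   - {f}")
```

Run against the block above it lists the four random-named S0/S1 entries, the zero-byte RawIp.sys and the unresolved 78q8H64 service, and leaves MpFilter and the SUPERAntiSpyware drivers alone. The output is a worklist for a human, not a verdict: a legitimate driver can also have a service name that differs from its file name, and a rootkit that filters disk reads can make its own file look absent or clean from inside the running system.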

#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 January 2010 - 08:42 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
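The /md5start ... /md5stop list in the OTL custom scan above names the disk-stack drivers and logon DLLs that a helper wants hashed, because a rootkit that patches one of them in place leaves the file in its normal location with its normal name. The script below is an added example, not part of the original post and not OTL's code: for each name in that list it hashes the live copy under system32 (or system32\drivers) and compares it with the Windows File Protection copy in system32\dllcache, reporting a MISMATCH where the two differ. The directory layout, the sample tree and the status names are this example's own assumptions; it also demonstrates the general case (any file on the list, with or without a cache copy), not only atapi.sys.

```python
import hashlib
import sys
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple

# File names from the /md5start ... /md5stop block of the OTL custom scan above.
MD5_TARGETS = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll", "ntelogon.dll",
    "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys", "nvata.sys", "nvgts.sys",
    "iastorv.sys", "ViPrt.sys", "eNetHook.dll", "ahcix86.sys", "KR10N.sys",
]

Report = Dict[str, Tuple[str, Optional[str], Optional[str]]]


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, read in chunks so large drivers do not need to fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_file(directory: Path, name: str) -> Optional[Path]:
    """Case-insensitive lookup, since Windows file names are case-insensitive but Linux ones are not."""
    if not directory.is_dir():
        return None
    for p in directory.iterdir():
        if p.is_file() and p.name.lower() == name.lower():
            return p
    return None


def compare_with_dllcache(system_root: Path) -> Report:
    """Return {name: (status, live_md5, cache_md5)} for each target present on disk.

    status: "match"    live copy and dllcache copy hash the same
            "MISMATCH" both exist but differ: the live copy was patched or replaced
            "no-cache" live copy present but nothing in dllcache to compare against
    Names absent from both locations are skipped (not every driver is installed).
    """
    sys32 = system_root / "system32"
    cache_dir = sys32 / "dllcache"
    report: Report = {}
    for name in MD5_TARGETS:
        live = find_file(sys32 / "drivers", name) or find_file(sys32, name)
        if live is None:
            continue
        live_md5 = md5_of(live)
        cached = find_file(cache_dir, name)
        if cached is None:
            report[name] = ("no-cache", live_md5, None)
            continue
        cache_md5 = md5_of(cached)
        report[name] = ("match" if live_md5 == cache_md5 else "MISMATCH", live_md5, cache_md5)
    return report


def build_sample_tree(base: Path) -> Path:
    """Constructed sample (not real driver bytes): a tiny %SystemRoot% with one tampered live driver."""
    root = base / "WINDOWS"
    drivers, cache = root / "system32" / "drivers", root / "system32" / "dllcache"
    drivers.mkdir(parents=True)
    cache.mkdir(parents=True)
    (drivers / "atapi.sys").write_bytes(b"clean driver image")
    (cache / "atapi.sys").write_bytes(b"clean driver image")
    (drivers / "iaStor.sys").write_bytes(b"clean driver image" + b"\x90" * 16)  # patched in place
    (cache / "iaStor.sys").write_bytes(b"clean driver image")
    (root / "system32" / "scecli.dll").write_bytes(b"system dll")                # no cache copy
    return root


def demo() -> Report:
    """Run the comparison over the constructed sample tree and return its report."""
    with tempfile.TemporaryDirectory() as tmp:
        return compare_with_dllcache(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    # Real use: python thisfile.py C:\WINDOWS   (run from a clean boot environment where possible)
    result = compare_with_dllcache(Path(sys.argv[1])) if len(sys.argv) > 1 else demo()
    for name, (status, live_md5, cache_md5) in result.items():
        print(f"{status:<9} {name:<14} live={live_md5} cache={cache_md5}")
```

Two caveats belong with any such check. A kernel-mode rootkit that filters disk reads can hand the original bytes back to every user-mode reader, so a "match" obtained from inside the infected system proves little; hashing the volume from a clean boot environment removes that blind spot. And dllcache is itself a writable directory, so a MISMATCH tells you the two copies differ, not which one is genuine; the hashes still have to be compared against a trusted reference for that Windows build.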

#3 northview
  • Topic Starter

  • Members
  • 7 posts

Posted 26 January 2010 - 09:52 AM

I will run this as soon as I get in this evening. Thanks for your help.

#4 northview
  • Topic Starter

  • Members
  • 7 posts

Posted 27 January 2010 - 07:07 AM

Here are the logs. My last scan with SUPERAntiSpyware came up with nothing, but I am still skeptical.

OTL logfile created on: 1/27/2010 6:29:02 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\lorrie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 59.81 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS5
Current User Name: lorrie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/27 06:27:00 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lorrie\Desktop\OTL.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/02 08:49:52 | 00,467,744 | R--- | M] (Erie Insurance Group) -- C:\DSpro\Programs\ERIELINK.EXE
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/02 17:36:52 | 00,203,800 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/08 06:03:00 | 00,165,168 | ---- | M] (Vertafore Inc. d/b/a AMS Services) -- C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/01 16:00:12 | 00,299,008 | ---- | M] (Tiger Green Productions LLC) -- C:\Program Files\X3watch\x3watch.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 19:12:43 | 00,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/13 19:12:32 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/11 13:57:24 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/06/14 13:42:24 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2004/04/26 09:04:14 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe


========== Modules (SafeList) ==========

MOD - [2010/01/27 06:27:00 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lorrie\Desktop\OTL.exe
MOD - [2008/04/13 19:12:09 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/30 08:06:56 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/05/29 17:39:36 | 00,024,576 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE -- (OKI OPHD DCS Loader)
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/01/21 16:53:04 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\RawIp.sys -- (RawIp)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/09/20 17:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/06/13 11:58:04 | 00,162,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/06 15:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/04/01 21:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.focusonthefamily.com/
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 34 4F F9 08 9E CA 01 [binary data]
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\S-1-5-21-3125812425-2781740641-3189284658-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/24 17:26:20 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe (Tiger Green Productions LLC)
O4 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115..\Run: [ERIElink] C:\DSpro\Programs\ERIELINK.EXE (Erie Insurance Group)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransactNOW SSO Update Monitor.lnk = C:\Program Files\AMS Services\TransactNOW\OALaunch.exe (Vertafore Inc. d/b/a AMS Services)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: AMSSetWrite.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: silverplume.com ([]* in Trusted sites)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://66.21.89.241/controls/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alexanderrod.com/view/tiffx.cab (AlternaTIFF ActiveX)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1218155068512 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.installengine.com/engine/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} http://66.21.89.241/controls/prntpro2.CAB (Pegasus PrintPRO Control v2.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} http://ddrint13.gmacinsurance.com/ddrint/work/iedpwenu.cab (DDI Print Control Class v1.3 [ENU])
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Snider.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\lorrie\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lorrie\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 06:26:54 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lorrie\Desktop\OTL.exe
[2010/01/27 04:00:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/26 15:13:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\AMS Services
[2010/01/26 15:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\AMS Services
[2010/01/26 15:11:28 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2010/01/26 15:11:28 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2010/01/26 15:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\Silverplume
[2010/01/26 15:11:27 | 00,656,760 | ---- | C] (Wolters Kluwer Financial Services) -- C:\WINDOWS\System32\Skylon2.dll
[2010/01/26 15:11:27 | 00,460,152 | ---- | C] (VMP Mortgage Solutions, Inc.) -- C:\WINDOWS\System32\WriterPDF.dll
[2010/01/26 15:11:27 | 00,214,392 | ---- | C] (CBF Systems, Inc.) -- C:\WINDOWS\System32\SKYLON.DLL
[2010/01/26 15:11:27 | 00,118,784 | ---- | C] (VMP Mortgage Solutions, Inc.) -- C:\WINDOWS\System32\Abyss.dll
[2010/01/26 15:11:27 | 00,000,000 | ---D | C] -- C:\hrtfdebc
[2010/01/26 15:11:27 | 00,000,000 | ---D | C] -- C:\amsrack
[2010/01/26 15:11:26 | 00,349,560 | ---- | C] (CBF Systems, Inc.) -- C:\WINDOWS\System32\SEAREACH.DLL
[2010/01/26 15:11:26 | 00,279,928 | ---- | C] (VMP Mortgage Solutions, Inc.) -- C:\WINDOWS\System32\LANYARD.DLL
[2010/01/26 15:11:26 | 00,279,928 | ---- | C] (CBF Systems, Inc.) -- C:\WINDOWS\System32\Monsoon.dll
[2010/01/26 15:11:26 | 00,111,992 | ---- | C] (Silverplume Rating Solutions) -- C:\WINDOWS\System32\RatingUtils.dll
[2010/01/26 15:11:26 | 00,042,360 | ---- | C] (AMS) -- C:\WINDOWS\System32\SetWriteEmail.ocx
[2010/01/26 15:11:26 | 00,034,168 | ---- | C] (AMS) -- C:\WINDOWS\System32\SetWriteXmlWrap.ocx
[2010/01/26 15:11:26 | 00,020,480 | ---- | C] (Silverplume) -- C:\WINDOWS\System32\AMSRKVer.dll
[2010/01/26 15:11:26 | 00,020,480 | ---- | C] (AMS) -- C:\WINDOWS\System32\RtrVersion.dll
[2010/01/25 12:33:46 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/25 10:05:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\x3watch
[2010/01/24 20:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/24 20:24:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\viewone
[2010/01/24 20:24:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\UserData
[2010/01/24 20:24:15 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\lorrie\PrivacIE
[2010/01/24 20:24:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\OkiData
[2010/01/24 20:24:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\My Documents\My Music
[2010/01/24 20:24:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\My Documents\My Google Gadgets
[2010/01/24 20:24:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\My Documents\My Digital Editions
[2010/01/24 20:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2010/01/24 20:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\Symantec
[2010/01/24 20:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\MTV Networks
[2010/01/24 20:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\Identities
[2010/01/24 20:23:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\Google
[2010/01/24 20:23:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\ApplicationHistory
[2010/01/24 20:23:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\Adobe
[2010/01/24 20:23:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\jwalk_cache
[2010/01/24 20:23:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\SUPERAntiSpyware.com
[2010/01/24 20:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\Malwarebytes
[2010/01/24 20:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\AdobeUM
[2010/01/24 20:22:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/24 20:22:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/24 20:22:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/01/24 20:22:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\DRM
[2010/01/24 20:22:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\x3watch
[2010/01/24 20:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/01/24 20:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/01/24 20:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/24 20:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/24 20:21:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/24 20:21:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/01/24 18:52:24 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/24 17:53:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/24 17:53:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\Windows Desktop Search
[2010/01/24 17:45:52 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\lorrie\IECompatCache
[2010/01/24 17:45:19 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\lorrie\IETldCache
[2010/01/24 17:25:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/24 16:55:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/22 19:58:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/22 17:42:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/22 17:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/22 17:29:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/22 17:29:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/22 17:29:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/22 17:28:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/22 17:27:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/22 16:49:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/22 16:48:38 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2010/01/22 06:44:20 | 00,000,000 | ---D | C] -- C:\92e2ab15b50052a5883514
[2010/01/22 06:30:28 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/01/21 20:37:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/21 20:36:19 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/21 20:35:51 | 00,000,000 | ---D | C] -- C:\d32a907e819103c8524615ba
[2010/01/21 16:54:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/20 14:18:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/19 17:36:02 | 09,034,488 | ---- | C] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-en-us-xp.exe
[2010/01/19 13:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/01/13 02:49:47 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2007/02/08 13:39:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/11 18:06:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/27 06:27:00 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lorrie\Desktop\OTL.exe
[2010/01/27 01:31:00 | 00,000,085 | ---- | M] () -- C:\DSpro.ini
[2010/01/26 20:22:56 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\lorrie\NTUSER.DAT
[2010/01/26 20:14:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 20:06:46 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/26 20:01:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/26 20:01:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/26 20:01:30 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 20:00:59 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\lorrie\ntuser.ini
[2010/01/26 20:00:51 | 00,825,542 | -H-- | M] () -- C:\Documents and Settings\lorrie\Local Settings\Application Data\IconCache.db
[2010/01/26 16:09:18 | 00,000,473 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\Rating System.url
[2010/01/26 15:12:02 | 00,000,916 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransactNOW SSO Update Monitor.lnk
[2010/01/25 22:13:54 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\settings.dat
[2010/01/25 16:55:29 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/25 09:23:40 | 00,017,516 | ---- | M] () -- C:\WINDOWS\System32\OP5800L.cah
[2010/01/24 20:34:20 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/24 18:50:57 | 00,000,073 | ---- | M] () -- C:\rec.bat
[2010/01/24 17:26:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/24 17:26:20 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/24 16:55:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/24 16:45:00 | 00,000,178 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\Kaspersky Online Scanner 7.0.url
[2010/01/24 16:44:01 | 00,000,162 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\BleepingComputer.com Infected with Alureon Removed IS2010 previously.url
[2010/01/22 19:58:57 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/22 17:45:10 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
[2010/01/22 17:26:36 | 00,000,620 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/22 17:26:36 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/22 07:02:31 | 00,016,324 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
[2010/01/21 16:53:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\RawIp.sys
[2010/01/21 10:22:38 | 00,001,128 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\Hartford EBC.url
[2010/01/19 17:36:06 | 09,034,488 | ---- | M] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-en-us-xp.exe
[2010/01/19 13:25:20 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/13 04:04:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/08 08:12:18 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DSpro.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 15:54:10 | 00,000,343 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ERIE Certificate.url
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/26 16:07:55 | 00,000,473 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Rating System.url
[2010/01/26 15:12:02 | 00,000,916 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransactNOW SSO Update Monitor.lnk
[2010/01/26 15:11:28 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010/01/26 15:11:27 | 00,033,158 | ---- | C] () -- C:\WINDOWS\System32\Jetfonts.fs
[2010/01/26 15:11:27 | 00,001,163 | ---- | C] () -- C:\WINDOWS\System32\default.inf
[2010/01/26 15:11:27 | 00,000,262 | ---- | C] () -- C:\WINDOWS\System32\I32fonts.ini
[2010/01/26 15:11:26 | 00,042,360 | ---- | C] () -- C:\WINDOWS\System32\AMSPrintDialog.ocx
[2010/01/25 22:13:54 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\settings.dat
[2010/01/24 20:24:14 | 00,148,745 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Acrobat Document.pdf
[2010/01/24 20:24:14 | 00,069,492 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Document1.tif
[2010/01/24 20:24:14 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Primary Screening Form For Children Or Youth Work.doc
[2010/01/24 20:24:14 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Doc1.doc
[2010/01/24 20:24:14 | 00,010,056 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\DSpro Report0001.mdi
[2010/01/24 20:24:14 | 00,010,048 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\DSpro Report.mdi
[2010/01/24 20:24:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Default.rdp
[2010/01/24 20:23:23 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\lorrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 20:23:20 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Primary Screening Form For Children Or Youth Work.doc
[2010/01/24 20:23:20 | 00,002,511 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Launch Google Earth.lnk
[2010/01/24 20:23:20 | 00,001,128 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Hartford EBC.url
[2010/01/24 20:23:20 | 00,000,631 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\ERIElink.LNK
[2010/01/24 20:23:20 | 00,000,602 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\DL123.lnk
[2010/01/24 20:23:20 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\ERIE BINDER.lnk
[2010/01/24 20:23:20 | 00,000,332 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\NC FIRE DISTRICT.url
[2010/01/24 20:23:20 | 00,000,328 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\NC CITY COUNTY CODES.url
[2010/01/24 20:23:20 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Safeco Now - SIGN IN.url
[2010/01/24 20:23:20 | 00,000,255 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\FS-1.url
[2010/01/24 20:23:20 | 00,000,237 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Montgomery Insurance - Agents' Portal.url
[2010/01/24 20:23:20 | 00,000,215 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Appraisal Card Lookup.url
[2010/01/24 20:23:20 | 00,000,214 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\GMAC on line.url
[2010/01/24 20:23:20 | 00,000,178 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Kaspersky Online Scanner 7.0.url
[2010/01/24 20:23:20 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\BleepingComputer.com Infected with Alureon Removed IS2010 previously.url
[2010/01/24 20:23:20 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\PROGRESSIVE.url
[2010/01/24 20:22:09 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/01/24 20:22:09 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/01/24 20:22:02 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/01/24 20:22:02 | 00,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NC GRANGE.lnk
[2010/01/24 20:22:02 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/01/24 20:22:02 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/24 20:22:02 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/24 20:22:02 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DSpro.lnk
[2010/01/24 20:22:02 | 00,000,343 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ERIE Certificate.url
[2010/01/24 20:22:02 | 00,000,326 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Master Documents.lnk
[2010/01/24 20:22:02 | 00,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Erie's Website.url
[2010/01/24 20:22:02 | 00,000,243 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\US Post Office Zip Codes.url
[2010/01/24 20:22:02 | 00,000,232 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Choicepoint.url
[2010/01/24 20:22:02 | 00,000,189 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rate Bureau.url
[2010/01/24 20:22:02 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ HAGERTY INSURANCE .url
[2010/01/24 20:21:41 | 00,016,324 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
[2010/01/24 20:21:41 | 00,002,412 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/24 20:21:41 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
[2010/01/24 20:21:41 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/24 19:19:32 | 00,000,073 | ---- | C] () -- C:\rec.bat
[2010/01/24 17:42:25 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\lorrie\ntuser.ini
[2010/01/24 16:55:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/24 16:55:04 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/24 16:44:51 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/22 20:04:09 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/22 17:37:05 | 10,716,97920 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/22 17:29:11 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/22 17:29:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/22 17:29:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/22 17:29:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/22 17:29:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/21 16:53:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\RawIp.sys
[2010/01/19 15:26:52 | 00,000,085 | ---- | C] () -- C:\DSpro.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/11/10 09:25:33 | 00,000,112 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/20 09:23:48 | 00,000,191 | ---- | C] () -- C:\WINDOWS\OPHD.ini
[2007/02/08 13:47:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/01/31 15:45:50 | 00,000,147 | ---- | C] () -- C:\WINDOWS\EJRLREAD.INI
[2006/01/30 12:39:48 | 00,000,104 | ---- | C] () -- C:\WINDOWS\READIBMW.INI
[2006/01/30 12:39:10 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\COMMPRSS.DLL
[2006/01/30 12:34:15 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMBTCTL.INI
[2006/01/30 12:34:09 | 00,016,066 | ---- | C] () -- C:\WINDOWS\System32\WBTRCALL.DLL
[2006/01/30 12:34:09 | 00,014,010 | ---- | C] () -- C:\WINDOWS\System32\WBTRLOCL.DLL
[2006/01/30 12:34:09 | 00,003,760 | ---- | C] () -- C:\WINDOWS\System32\WBTRVRES.DLL
[2006/01/30 12:34:09 | 00,003,740 | ---- | C] () -- C:\WINDOWS\System32\WBT32RES.DLL
[2006/01/30 12:34:09 | 00,001,918 | ---- | C] () -- C:\WINDOWS\CMBTLL.INI
[2006/01/30 12:34:09 | 00,000,077 | ---- | C] () -- C:\WINDOWS\VCBTRV.INI
[2006/01/30 12:34:08 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[2006/01/30 12:34:08 | 00,034,122 | ---- | C] () -- C:\WINDOWS\System32\EHBLIC.DLL
[2006/01/30 12:34:07 | 00,079,072 | ---- | C] () -- C:\WINDOWS\System32\CMBTDWG.DLL
[2006/01/30 12:34:07 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\u25dts.dll
[2006/01/30 12:34:07 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2006/01/20 15:34:18 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/20 15:25:29 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/20 15:07:40 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/01/19 17:36:06 | 09,034,488 | ---- | M] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-en-us-xp.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/07 18:29:28 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/07 18:29:28 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/07 18:29:28 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/07 18:29:28 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

OTL Extras logfile created on: 1/27/2010 6:29:02 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\lorrie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 500.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 59.81 Gb Free Space | 80.33% Space Free | Partition Type: NTFS


Computer Name: WS5
Current User Name: lorrie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"\\server1\Applications\PROG\BESD.EXE" = \\server1\Applications\PROG\BESD.EXE:*:Enabled:besd
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{2970B270-64C7-4B12-949A-46693474EE1A}" = Rating_Workstation_Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{515B89A9-7C20-4A7E-AF13-9EC39A03391A}" = Ratesys for Windows
"{5E8858EC-6B09-4939-99F2-5678073A0327}" = Microsoft Office Live Meeting 2005
"{61D5C1D7-8AFC-41D2-BEC2-8AECA9581CE6}" = AMS TransactNOW Single Sign-On
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"DSpro Workstation" = DSpro Workstation
"HijackThis" = HijackThis 2.0.2
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSN Music Assistant" = MSN Music Assistant
"PROSet" = Intel® PRO Network Connections Drivers
"RealVNC_is1" = VNC Free Edition 4.1.2
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"X3watch_is1" = X3watch 5.0.6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2010 5:07:21 AM | Computer Name = WS5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/26/2010 7:51:44 AM | Computer Name = WS5 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 1/26/2010 11:24:12 AM | Computer Name = WS5 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 1/26/2010 11:24:27 AM | Computer Name = WS5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/26/2010 11:24:27 AM | Computer Name = WS5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/26/2010 1:08:58 PM | Computer Name = WS5 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 1/26/2010 7:22:20 PM | Computer Name = WS5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/26/2010 9:02:09 PM | Computer Name = WS5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/26/2010 9:02:25 PM | Computer Name = WS5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/26/2010 9:14:44 PM | Computer Name = WS5 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

[ System Events ]
Error - 1/26/2010 1:07:44 PM | Computer Name = WS5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 1/26/2010 9:01:54 PM | Computer Name = WS5 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SNIDER due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/26/2010 9:01:58 PM | Computer Name = WS5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/26/2010 9:02:13 PM | Computer Name = WS5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/26/2010 9:17:13 PM | Computer Name = WS5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 1/26/2010 9:47:28 PM | Computer Name = WS5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 1/26/2010 10:47:28 PM | Computer Name = WS5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 1/27/2010 12:47:28 AM | Computer Name = WS5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 1/27/2010 4:47:29 AM | Computer Name = WS5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.




< End of report >


#5 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
Posted 27 January 2010 - 08:42 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    [2010/01/24 20:21:41 | 00,016,324 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
    [2010/01/24 20:21:41 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
    [2010/01/24 20:21:41 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


======================



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Let me know how your computer is behaving now.



If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 northview
  • Topic Starter

  • Members
  • 7 posts

Posted 27 January 2010 - 09:19 PM

Seems to be running OK. It did pick up something else on SUPERAntiSpyware this morning, but just one. Here are the logs.

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\sysReserve.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: administrator.SNIDER
->Temp folder emptied: 158960 bytes
->Temporary Internet Files folder emptied: 6586491 bytes
->Java cache emptied: 13690463 bytes

User: ADMINI~1~SNI

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 406630 bytes

User: lorrie
->Temp folder emptied: 97556402 bytes
->Temporary Internet Files folder emptied: 89921370 bytes
->Java cache emptied: 131947247 bytes

User: NetworkService
->Temp folder emptied: 24422 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Snider
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 6035272 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 8760337 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31106 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 942378 bytes

Total Files Cleaned = 340.00 mb


OTL by OldTimer - Version 3.1.27.0 log created on 01272010_202405

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 1/27/2010 8:52:09 PM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\lorrie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 614.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 60.07 Gb Free Space | 80.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS5
Current User Name: lorrie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/27 20:46:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/27 06:27:00 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lorrie\Desktop\OTL.exe
PRC - [2009/10/02 08:49:52 | 00,467,744 | R--- | M] (Erie Insurance Group) -- C:\DSpro\Programs\ERIELINK.EXE
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/08 06:03:00 | 00,165,168 | ---- | M] (Vertafore Inc. d/b/a AMS Services) -- C:\Program Files\AMS Services\TransactNOW\OALaunch.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/01 16:00:12 | 00,299,008 | ---- | M] (Tiger Green Productions LLC) -- C:\Program Files\X3watch\x3watch.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 19:12:43 | 00,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/13 19:12:32 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/11 13:57:24 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/06/14 13:42:24 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005/09/20 16:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2004/04/26 09:04:14 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe


========== Modules (SafeList) ==========

MOD - [2010/01/27 06:27:00 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lorrie\Desktop\OTL.exe
MOD - [2008/04/13 19:12:09 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/27 20:46:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/30 08:06:56 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/05/29 17:39:36 | 00,024,576 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE -- (OKI OPHD DCS Loader)
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/01/21 16:53:04 | 00,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\RawIp.sys -- (RawIp)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/09/20 17:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/06/13 11:58:04 | 00,162,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/06 15:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/04/01 21:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.focusonthefamily.com/
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 34 4F F9 08 9E CA 01 [binary data]
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\S-1-5-21-3125812425-2781740641-3189284658-1115\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/01/24 17:26:20 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe (Tiger Green Productions LLC)
O4 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115..\Run: [ERIElink] C:\DSpro\Programs\ERIELINK.EXE (Erie Insurance Group)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransactNOW SSO Update Monitor.lnk = C:\Program Files\AMS Services\TransactNOW\OALaunch.exe (Vertafore Inc. d/b/a AMS Services)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3125812425-2781740641-3189284658-1115_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: AMSSetWrite.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: silverplume.com ([]* in Trusted sites)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://66.21.89.241/controls/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alexanderrod.com/view/tiffx.cab (AlternaTIFF ActiveX)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1218155068512 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.installengine.com/engine/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} http://66.21.89.241/controls/prntpro2.CAB (Pegasus PrintPRO Control v2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} http://ddrint13.gmacinsurance.com/ddrint/work/iedpwenu.cab (DDI Print Control Class v1.3 [ENU])
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Snider.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\lorrie\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lorrie\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/27 20:47:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/27 20:47:17 | 00,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/27 20:47:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/27 20:47:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/27 20:47:17 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/27 20:46:49 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/27 20:41:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\.SunDownloadManager
[2010/01/27 20:35:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Desktop\Javara
[2010/01/27 20:24:05 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/27 09:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\Windows Search
[2010/01/27 06:26:54 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lorrie\Desktop\OTL.exe
[2010/01/27 04:00:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/26 15:13:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\AMS Services
[2010/01/26 15:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\AMS Services
[2010/01/26 15:11:28 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2010/01/26 15:11:28 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2010/01/26 15:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\Silverplume
[2010/01/26 15:11:27 | 00,656,760 | ---- | C] (Wolters Kluwer Financial Services) -- C:\WINDOWS\System32\Skylon2.dll
[2010/01/26 15:11:27 | 00,460,152 | ---- | C] (VMP Mortgage Solutions, Inc.) -- C:\WINDOWS\System32\WriterPDF.dll
[2010/01/26 15:11:27 | 00,214,392 | ---- | C] (CBF Systems, Inc.) -- C:\WINDOWS\System32\SKYLON.DLL
[2010/01/26 15:11:27 | 00,118,784 | ---- | C] (VMP Mortgage Solutions, Inc.) -- C:\WINDOWS\System32\Abyss.dll
[2010/01/26 15:11:27 | 00,000,000 | ---D | C] -- C:\hrtfdebc
[2010/01/26 15:11:27 | 00,000,000 | ---D | C] -- C:\amsrack
[2010/01/26 15:11:26 | 00,349,560 | ---- | C] (CBF Systems, Inc.) -- C:\WINDOWS\System32\SEAREACH.DLL
[2010/01/26 15:11:26 | 00,279,928 | ---- | C] (VMP Mortgage Solutions, Inc.) -- C:\WINDOWS\System32\LANYARD.DLL
[2010/01/26 15:11:26 | 00,279,928 | ---- | C] (CBF Systems, Inc.) -- C:\WINDOWS\System32\Monsoon.dll
[2010/01/26 15:11:26 | 00,111,992 | ---- | C] (Silverplume Rating Solutions) -- C:\WINDOWS\System32\RatingUtils.dll
[2010/01/26 15:11:26 | 00,042,360 | ---- | C] (AMS) -- C:\WINDOWS\System32\SetWriteEmail.ocx
[2010/01/26 15:11:26 | 00,034,168 | ---- | C] (AMS) -- C:\WINDOWS\System32\SetWriteXmlWrap.ocx
[2010/01/26 15:11:26 | 00,020,480 | ---- | C] (Silverplume) -- C:\WINDOWS\System32\AMSRKVer.dll
[2010/01/26 15:11:26 | 00,020,480 | ---- | C] (AMS) -- C:\WINDOWS\System32\RtrVersion.dll
[2010/01/25 12:33:46 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/25 10:05:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\x3watch
[2010/01/24 20:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/24 20:24:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\viewone
[2010/01/24 20:24:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\UserData
[2010/01/24 20:24:15 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\lorrie\PrivacIE
[2010/01/24 20:24:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\OkiData
[2010/01/24 20:24:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\My Documents\My Music
[2010/01/24 20:24:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\My Documents\My Google Gadgets
[2010/01/24 20:24:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\My Documents\My Digital Editions
[2010/01/24 20:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2010/01/24 20:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\Symantec
[2010/01/24 20:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\MTV Networks
[2010/01/24 20:24:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\Identities
[2010/01/24 20:23:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\Google
[2010/01/24 20:23:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\ApplicationHistory
[2010/01/24 20:23:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Local Settings\Application Data\Adobe
[2010/01/24 20:23:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\jwalk_cache
[2010/01/24 20:23:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\SUPERAntiSpyware.com
[2010/01/24 20:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\Malwarebytes
[2010/01/24 20:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\AdobeUM
[2010/01/24 20:22:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/24 20:22:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/24 20:22:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/01/24 20:22:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\DRM
[2010/01/24 20:22:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\x3watch
[2010/01/24 20:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/01/24 20:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/01/24 20:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/24 20:21:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/24 20:21:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/24 20:21:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/01/24 18:52:24 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/24 17:53:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/24 17:53:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lorrie\Application Data\Windows Desktop Search
[2010/01/24 17:45:52 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\lorrie\IECompatCache
[2010/01/24 17:45:19 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\lorrie\IETldCache
[2010/01/24 17:25:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/24 16:55:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/22 19:58:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/22 17:42:38 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/22 17:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/22 17:29:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/22 17:29:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/22 17:29:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/22 17:28:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/22 17:27:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/22 16:49:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/22 06:44:20 | 00,000,000 | ---D | C] -- C:\92e2ab15b50052a5883514
[2010/01/22 06:30:28 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/01/21 20:37:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/21 20:36:19 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/21 20:35:51 | 00,000,000 | ---D | C] -- C:\d32a907e819103c8524615ba
[2010/01/21 16:54:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/20 14:18:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/19 17:36:02 | 09,034,488 | ---- | C] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-en-us-xp.exe
[2010/01/19 13:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/01/13 02:49:47 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2007/02/08 13:39:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/11 18:06:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/27 20:47:24 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/27 20:46:54 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/27 20:46:54 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/27 20:46:54 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/27 20:46:54 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/27 20:46:53 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/27 20:33:07 | 00,000,085 | ---- | M] () -- C:\DSpro.ini
[2010/01/27 20:31:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/27 20:31:43 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/27 20:26:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/27 20:26:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/27 20:26:27 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 20:25:56 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\lorrie\NTUSER.DAT
[2010/01/27 20:25:56 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\lorrie\ntuser.ini
[2010/01/27 16:23:42 | 05,834,036 | -H-- | M] () -- C:\Documents and Settings\lorrie\Local Settings\Application Data\IconCache.db
[2010/01/27 09:58:22 | 00,000,364 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\Erie Pay.url
[2010/01/27 09:04:54 | 00,006,696 | ---- | M] () -- C:\erie_logo_app.gif
[2010/01/27 08:57:47 | 00,017,516 | ---- | M] () -- C:\WINDOWS\System32\OP5800L.cah
[2010/01/27 06:27:00 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lorrie\Desktop\OTL.exe
[2010/01/26 16:09:18 | 00,000,473 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\Rating System.url
[2010/01/26 15:12:02 | 00,000,916 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransactNOW SSO Update Monitor.lnk
[2010/01/25 22:13:54 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\settings.dat
[2010/01/25 16:55:29 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/24 18:50:57 | 00,000,073 | ---- | M] () -- C:\rec.bat
[2010/01/24 17:26:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/24 17:26:20 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/24 16:55:07 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/22 19:58:57 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/22 17:26:36 | 00,000,620 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/22 17:26:36 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/21 16:53:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\RawIp.sys
[2010/01/21 10:22:38 | 00,001,128 | ---- | M] () -- C:\Documents and Settings\lorrie\Desktop\Hartford EBC.url
[2010/01/19 17:36:06 | 09,034,488 | ---- | M] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-en-us-xp.exe
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/13 04:04:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/08 08:12:18 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DSpro.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 15:54:10 | 00,000,343 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ERIE Certificate.url

========== Files Created - No Company Name ==========

[2010/01/27 20:41:56 | 00,786,432 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\jre-6u18-windows-i586-iftw-rv.exe
[2010/01/27 09:55:17 | 00,006,696 | ---- | C] () -- C:\erie_logo_app.gif
[2010/01/27 09:06:30 | 00,000,364 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Erie Pay.url
[2010/01/26 16:07:55 | 00,000,473 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Rating System.url
[2010/01/26 15:12:02 | 00,000,916 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransactNOW SSO Update Monitor.lnk
[2010/01/26 15:11:28 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2010/01/26 15:11:27 | 00,033,158 | ---- | C] () -- C:\WINDOWS\System32\Jetfonts.fs
[2010/01/26 15:11:27 | 00,001,163 | ---- | C] () -- C:\WINDOWS\System32\default.inf
[2010/01/26 15:11:27 | 00,000,262 | ---- | C] () -- C:\WINDOWS\System32\I32fonts.ini
[2010/01/26 15:11:26 | 00,042,360 | ---- | C] () -- C:\WINDOWS\System32\AMSPrintDialog.ocx
[2010/01/25 22:13:54 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\settings.dat
[2010/01/24 20:24:14 | 00,148,745 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Acrobat Document.pdf
[2010/01/24 20:24:14 | 00,069,492 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Document1.tif
[2010/01/24 20:24:14 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Primary Screening Form For Children Or Youth Work.doc
[2010/01/24 20:24:14 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Doc1.doc
[2010/01/24 20:24:14 | 00,010,056 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\DSpro Report0001.mdi
[2010/01/24 20:24:14 | 00,010,048 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\DSpro Report.mdi
[2010/01/24 20:24:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\lorrie\My Documents\Default.rdp
[2010/01/24 20:23:23 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\lorrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 20:23:20 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Primary Screening Form For Children Or Youth Work.doc
[2010/01/24 20:23:20 | 00,002,511 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Launch Google Earth.lnk
[2010/01/24 20:23:20 | 00,001,128 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Hartford EBC.url
[2010/01/24 20:23:20 | 00,000,631 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\ERIElink.LNK
[2010/01/24 20:23:20 | 00,000,602 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\DL123.lnk
[2010/01/24 20:23:20 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\ERIE BINDER.lnk
[2010/01/24 20:23:20 | 00,000,332 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\NC FIRE DISTRICT.url
[2010/01/24 20:23:20 | 00,000,328 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\NC CITY COUNTY CODES.url
[2010/01/24 20:23:20 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Safeco Now - SIGN IN.url
[2010/01/24 20:23:20 | 00,000,255 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\FS-1.url
[2010/01/24 20:23:20 | 00,000,237 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Montgomery Insurance - Agents' Portal.url
[2010/01/24 20:23:20 | 00,000,215 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\Appraisal Card Lookup.url
[2010/01/24 20:23:20 | 00,000,214 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\GMAC on line.url
[2010/01/24 20:23:20 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\BleepingComputer.com Infected with Alureon Removed IS2010 previously.url
[2010/01/24 20:23:20 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\lorrie\Desktop\PROGRESSIVE.url
[2010/01/24 20:22:09 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/01/24 20:22:09 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/01/24 20:22:02 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/01/24 20:22:02 | 00,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NC GRANGE.lnk
[2010/01/24 20:22:02 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/01/24 20:22:02 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/24 20:22:02 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/24 20:22:02 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DSpro.lnk
[2010/01/24 20:22:02 | 00,000,343 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ERIE Certificate.url
[2010/01/24 20:22:02 | 00,000,326 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Master Documents.lnk
[2010/01/24 20:22:02 | 00,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Erie's Website.url
[2010/01/24 20:22:02 | 00,000,243 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\US Post Office Zip Codes.url
[2010/01/24 20:22:02 | 00,000,232 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Choicepoint.url
[2010/01/24 20:22:02 | 00,000,189 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rate Bureau.url
[2010/01/24 20:22:02 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ HAGERTY INSURANCE .url
[2010/01/24 20:21:41 | 00,002,412 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/24 19:19:32 | 00,000,073 | ---- | C] () -- C:\rec.bat
[2010/01/24 17:42:25 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\lorrie\ntuser.ini
[2010/01/24 16:55:07 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/24 16:55:04 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/24 16:44:51 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/22 20:04:09 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/22 17:37:05 | 10,716,97920 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/22 17:29:11 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/22 17:29:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/22 17:29:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/22 17:29:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/22 17:29:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/21 16:53:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\RawIp.sys
[2010/01/19 15:26:52 | 00,000,085 | ---- | C] () -- C:\DSpro.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/11/10 09:25:33 | 00,000,112 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/20 09:23:48 | 00,000,191 | ---- | C] () -- C:\WINDOWS\OPHD.ini
[2007/02/08 13:47:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/01/31 15:45:50 | 00,000,147 | ---- | C] () -- C:\WINDOWS\EJRLREAD.INI
[2006/01/30 12:39:48 | 00,000,104 | ---- | C] () -- C:\WINDOWS\READIBMW.INI
[2006/01/30 12:39:10 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\COMMPRSS.DLL
[2006/01/30 12:34:15 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMBTCTL.INI
[2006/01/30 12:34:09 | 00,016,066 | ---- | C] () -- C:\WINDOWS\System32\WBTRCALL.DLL
[2006/01/30 12:34:09 | 00,014,010 | ---- | C] () -- C:\WINDOWS\System32\WBTRLOCL.DLL
[2006/01/30 12:34:09 | 00,003,760 | ---- | C] () -- C:\WINDOWS\System32\WBTRVRES.DLL
[2006/01/30 12:34:09 | 00,003,740 | ---- | C] () -- C:\WINDOWS\System32\WBT32RES.DLL
[2006/01/30 12:34:09 | 00,001,918 | ---- | C] () -- C:\WINDOWS\CMBTLL.INI
[2006/01/30 12:34:09 | 00,000,077 | ---- | C] () -- C:\WINDOWS\VCBTRV.INI
[2006/01/30 12:34:08 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[2006/01/30 12:34:08 | 00,034,122 | ---- | C] () -- C:\WINDOWS\System32\EHBLIC.DLL
[2006/01/30 12:34:07 | 00,079,072 | ---- | C] () -- C:\WINDOWS\System32\CMBTDWG.DLL
[2006/01/30 12:34:07 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\u25dts.dll
[2006/01/30 12:34:07 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2006/01/20 15:34:18 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/20 15:25:29 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/20 15:07:40 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
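The OTL report above is reviewed by hand in this thread, and the things a helper looks for in it are mechanical enough to script. The following is an added example, not part of the thread and not OTL's own code: a small Python triage pass over OTL-style lines that flags the usual review points, namely autostart entries (O2/O3/O4/O20/O28) that point at a missing file or whose binary carries no company name in its version info, O16 DPF ActiveX controls downloaded from a raw IP address, O35 exefile/comfile open handlers that are no longer the stock `"%1" %*`, and HOSTS entries other than the loopback `localhost` line. The sample input mixes lines copied from the report with three constructed lines (an extra HOSTS entry, a BHO with an empty company field, and a hijacked comfile handler) so that every rule fires at least once; the severity labels and the rules themselves are this example's choices, not OTL's.

```python
"""Triage helper for OTL-style log lines (added example, not part of the thread).

Rules (severity labels are this example's own, not OTL's):
  O1  HOSTS entry other than loopback localhost          -> high
  O35 exefile/comfile open handler that is not "%1" %*    -> high
  O16 ActiveX control fetched from a raw IP address       -> medium
  O2/O3/O4/O20/O28 binary with an empty company field     -> medium
  O2/O3/O4/O20/O28 entry ending in "File not found"       -> low (stale entry)
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")       # trailing "(Company)" or "()" that OTL appends
DPF_RE = re.compile(r"\{[0-9A-Fa-f-]+\}\s+(\S+)")    # CLSID followed by the download URL
O35_RE = re.compile(r"^(\w+) \[open\] -- (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")

AUTOSTART_SECTIONS = {"O2", "O3", "O4", "O20", "O28"}
EXPECTED_OPEN = '"%1" %*'   # stock shell\open\command for exefile and comfile

# Sample input: lines copied from the report above, plus three constructed lines
# (the second O1, the second O2 and the second O35) so that every rule fires once.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example.test
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\nocompany.dll ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://66.21.89.241/controls/LTOCX14N.cab (LEAD Main Control (14.0))
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O35 - exefile [open] -- "%1" %*
O35 - comfile [open] -- "C:\WINDOWS\Temp\hijack.exe" "%1" %*
"""


def company_of(body):
    """Company name OTL prints in trailing parentheses: '' if the field is empty, None if absent."""
    m = COMPANY_RE.search(body)
    return m.group(1).strip() if m else None


def host_is_raw_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address rather than a DNS name."""
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def triage_line(line):
    """Return (severity, reason) for one OTL line, or None when nothing is flagged."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section in AUTOSTART_SECTIONS:
        if body.endswith("File not found"):
            return "low", "autostart points at a missing file (stale entry)"
        if company_of(body) == "":
            return "medium", "autostart binary has no company name in its version info; verify hash and signature"
    elif section == "O16":
        dm = DPF_RE.search(body)
        if dm and host_is_raw_ip(dm.group(1)):
            return "medium", "ActiveX control downloaded from a raw IP address"
    elif section == "O35":
        om = O35_RE.match(body)
        if om and om.group(2) != EXPECTED_OPEN:
            return "high", f"{om.group(1)} open handler hijacked: {om.group(2)}"
    elif section == "O1":
        hm = HOSTS_RE.match(body)
        if hm and not (hm.group(1) in ("127.0.0.1", "::1") and hm.group(2) == "localhost"):
            return "high", f"non-default HOSTS entry {hm.group(1)} {hm.group(2)}"
    return None


def triage(log_text):
    """Run every rule over a log and return [(severity, line, reason)] in log order."""
    findings = []
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append((hit[0], raw.strip(), hit[1]))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run it as-is to see the five findings from the sample, or feed a real OTL.Txt to `triage()`. Two caveats a practitioner should keep in mind: the "company" field is version-info metadata read from the file, not an Authenticode check, so an empty field is a prompt to hash and look up the binary, not proof of malware; and a raw-IP DPF entry can be perfectly legitimate (the one in the report above belongs to an insurance application), so that rule also only asks for a second look.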

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 January 2010 - 08:06 AM

So you're not getting any indication of a rootkit infection or Alureon any longer?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 northview

northview
  • Topic Starter

  • Members
  • 7 posts

Posted 28 January 2010 - 02:44 PM

No, not that I can see.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 January 2010 - 08:46 AM

Now we'll remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

================

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above.

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.



========================================================

#10 northview

northview
  • Topic Starter

  • Members
  • 7 posts

Posted 29 January 2010 - 06:17 PM

Thank you so much for the time that you put into this issue. I appreciate it and wish you much success.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 30 January 2010 - 08:23 AM

I'm glad I could help you out!

Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.



========================================================



