
HTML/Infected.WebPage.Gen


  • This topic is locked
33 replies to this topic

#1 Shady1475


  • Members
  • 32 posts

Posted 20 February 2010 - 10:39 PM

Hey guys, I'm infected and I cannot remove this thing. Please help. My logs are attached, but I cannot run the GMER tool because it causes my computer to go to the BSOD every time. Thanks for the help.


#2 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 22 February 2010 - 04:25 PM

Hello Shady1475,


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • MBAM log
  • OTL.txt
  • Extra.txt

Thanks


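Reading the OTL report this post requests comes down to checking a few entry types by hand; as an added example (not code from the thread, from syler, or from the OTL tool), the script below parses the O4, O17 and O33 entry shapes and applies those checks. The sample lines are the ones from the report posted later in this thread; the Finding type, the regular expressions and the heuristics are this example's own.

```python
"""Triage of OTL report lines: an added example, not code from the thread or from OTL.
Parses the O4 (Run keys), O17 (TCP/IP name servers) and O33 (MountPoints2 autorun)
entry shapes as they appear in the report posted in this thread and applies the
heuristics an analyst applies by eye when reading such a report."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: lines copied verbatim from the OTL report later in this
# thread. avgnt and KernelFaultCheck are benign and must not be flagged.
SAMPLE_REPORT = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-842925246-1844237615-839522115-1004..\Run: [TOY5KNQ8OC] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\Zzj.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 69.24.208.3 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
O33 - MountPoints2\{6494598d-f498-11de-9b06-001143750ede}\Shell\AutoRun\command - "" = wscript.exe autorun.js
O33 - MountPoints2\{6494598d-f498-11de-9b06-001143750ede}\Shell\sync\command - "" = wscript.exe autorun.js
"""

MISSING = "File not found"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
DNS_RE = re.compile(r"^O17 - .*\\Tcpip\\Parameters(?:\\[^:]*)?: (?P<key>\w+) = (?P<value>.*)$")
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<device>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.*)$')


@dataclass
class Finding:
    code: str    # OTL section code that produced the finding
    detail: str  # the entry as it would be quoted back to the user
    reason: str  # which heuristic fired


def split_target(rest: str):
    """Split the text after an O4 entry name into (path, company, missing)."""
    rest = rest.strip()
    if rest == MISSING:                   # no binary referenced at all
        return None, None, True
    if rest.endswith(" " + MISSING):      # a path is given but the file is gone
        return rest[: -len(MISSING)].strip(), None, True
    m = re.match(r"^(?P<path>.*?)(?: \((?P<company>[^()]*)\))?$", rest)
    return m.group("path"), m.group("company"), False


def check_run_entry(name: str, rest: str) -> Optional[Finding]:
    path, _company, missing = split_target(rest)
    if path is None:                      # e.g. the stock KernelFaultCheck stub
        return None
    reasons = []
    if re.search(r"\\temp\\", path, re.I):
        reasons.append("launched from a Temp directory")
    if missing:
        reasons.append("target file no longer exists")
    return Finding("O4", f"[{name}] {path}", "; ".join(reasons)) if reasons else None


def check_name_servers(dhcp: Set[str], static: Set[str]) -> Optional[Finding]:
    """Flag a static NameServer list that shares nothing with the DHCP-supplied one."""
    if static and dhcp.isdisjoint(static):
        return Finding("O17", "NameServer = " + ", ".join(sorted(static)),
                       "static DNS servers differ from every DHCP-supplied server")
    return None


def check_mountpoint(device: str, verb: str, cmd: str) -> Finding:
    reason = "removable-media autorun command"
    if re.search(r"\b[wc]script(?:\.exe)?\b", cmd, re.I):
        reason += " executed through the Windows Script Host"
    return Finding("O33", f"{device} {verb}: {cmd}", reason)


def triage_otl(report: str) -> List[Finding]:
    findings: List[Finding] = []
    dhcp, static = set(), set()
    for line in report.splitlines():
        run, dns, mount = RUN_RE.match(line), DNS_RE.match(line), MOUNT_RE.match(line)
        if run:
            f = check_run_entry(run.group("name"), run.group("rest"))
            if f:
                findings.append(f)
        elif dns:
            servers = {s for s in re.split(r"[,\s]+", dns.group("value")) if s}
            if dns.group("key") == "DhcpNameServer":
                dhcp.update(servers)
            elif dns.group("key") == "NameServer":
                static.update(servers)
        elif mount:
            findings.append(check_mountpoint(**mount.groupdict()))
    f = check_name_servers(dhcp, static)  # needs both O17 lines, so evaluated last
    if f:
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_REPORT):
        print(f"{f.code:4}{f.reason}\n    {f.detail}")
```

The heuristics only rank what deserves a closer look; a flagged entry still has to be checked against the rest of the report before it goes into a fix.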

#3 Shady1475

  • Topic Starter

  • Members
  • 32 posts

Posted 24 February 2010 - 10:26 PM

Here are the logs as requested, thanks.

OTL logfile created on: 2/24/2010 8:09:57 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Jeremy Van Pelt\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.99 Gb Total Space | 131.01 Gb Free Space | 87.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 130.91 Gb Free Space | 56.21% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Jeremy Van Pelt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/24 20:01:10 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy Van Pelt\My Documents\Downloads\OTL.exe
PRC - [2010/02/05 12:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/12/22 14:01:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/03 16:14:00 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/13 20:28:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/29 22:14:29 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/06/29 12:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/09/08 17:58:00 | 000,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/08/16 15:21:34 | 000,155,648 | ---- | M] () -- C:\Program Files\Razer\CopperHead\razerhid.exe
PRC - [2005/07/22 15:02:46 | 000,159,744 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\CopperHead\razerofa.exe
PRC - [2005/07/22 15:00:04 | 000,147,456 | ---- | M] () -- C:\Program Files\Razer\CopperHead\razertra.exe
PRC - [2005/01/14 19:54:48 | 000,479,232 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2004/11/30 19:09:34 | 000,253,952 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/14 04:13:58 | 000,450,560 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2004/09/13 11:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/19 09:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2010/02/24 20:01:10 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy Van Pelt\My Documents\Downloads\OTL.exe
MOD - [2005/09/08 17:58:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/09/08 17:58:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/22 14:01:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 20:28:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/13 16:56:46 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/09/08 17:58:00 | 000,127,044 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/08 19:45:10 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/03 16:14:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/13 18:57:47 | 000,017,056 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/26 22:40:06 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 10:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/09/08 17:58:00 | 003,210,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/09 11:50:36 | 000,011,372 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2005/03/22 14:49:09 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2005/01/25 15:55:08 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/17 13:13:28 | 000,098,304 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2005/01/08 18:15:40 | 000,051,582 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/01/07 06:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/22 04:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/12/16 10:30:14 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2004/11/16 15:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/11/16 10:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 13:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/10/21 15:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/05 03:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/09 10:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2004/06/21 11:40:48 | 000,051,088 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004/06/21 11:40:48 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/06/17 15:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 15:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/17 12:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/10/17 06:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\S-1-5-21-842925246-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-842925246-1844237615-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [razer] C:\Program Files\Razer\CopperHead\razerhid.exe ()
O4 - HKU\S-1-5-21-842925246-1844237615-839522115-1004..\Run: [Google Update] C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-842925246-1844237615-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-842925246-1844237615-839522115-1004..\Run: [TOY5KNQ8OC] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\Zzj.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1266171995656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 69.24.208.3 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.68,93.188.161.85
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/13 17:35:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6494598d-f498-11de-9b06-001143750ede}\Shell\AutoRun\command - "" = wscript.exe autorun.js
O33 - MountPoints2\{6494598d-f498-11de-9b06-001143750ede}\Shell\sync\command - "" = wscript.exe autorun.js
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/13 10:40:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891835792228352)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/24 18:16:34 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\KPower.dll
[2010/02/22 20:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2010/02/21 15:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/21 15:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/21 13:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/02/20 10:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/16 18:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Application Data\GetRightToGo
[2010/02/15 09:33:58 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/15 09:33:58 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/14 14:00:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/14 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/14 13:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/02/14 13:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/14 11:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Microsoft Help
[2010/02/14 11:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/11 13:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/07 16:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Application Data\acccore
[2010/02/07 16:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\AIM
[2010/02/07 16:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\AOL
[2010/02/07 16:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/07 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/07 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/02/07 16:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/01/31 10:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Cooliris
[2010/01/27 06:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Temp
[2009/11/18 13:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/11/13 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/13 17:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/13 17:35:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/13 17:35:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/24 20:13:04 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844237615-839522115-1004UA.job
[2010/02/24 20:13:04 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844237615-839522115-1004Core.job
[2010/02/24 19:50:00 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/24 19:39:01 | 054,111,794 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Final Brochure Back.psd
[2010/02/24 19:19:35 | 000,011,759 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/24 19:18:57 | 000,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/24 19:18:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 19:18:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/24 18:36:57 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\NTUSER.DAT
[2010/02/24 18:36:57 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\ntuser.ini
[2010/02/24 13:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/22 21:48:03 | 043,368,432 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Copy of Final Brochure Front.psd
[2010/02/21 22:27:32 | 056,718,783 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Final Brochure Front.psd
[2010/02/21 12:49:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/21 11:59:47 | 000,467,118 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\family hair 09.jpg
[2010/02/20 13:20:29 | 002,927,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/18 21:13:17 | 011,994,663 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Brochure.psd
[2010/02/18 15:42:57 | 000,397,913 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\brochure_by_xwaNiex.jpg
[2010/02/16 19:36:10 | 000,082,864 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/16 19:30:33 | 000,011,759 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/16 18:32:22 | 000,987,136 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\brochure (1).doc
[2010/02/16 17:34:41 | 000,183,078 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\sunn.bmp
[2010/02/16 17:34:32 | 000,054,356 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\sunsetpicture.jpg
[2010/02/16 17:34:17 | 000,528,110 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\shop pic.jpg
[2010/02/14 14:03:39 | 000,000,490 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 13:46:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/11 21:15:45 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Google Chrome.lnk
[2010/02/11 13:41:25 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/11 07:23:30 | 005,362,822 | -H-- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\IconCache.db
[2010/02/11 05:37:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/07 16:33:36 | 000,000,457 | -H-- | M] () -- C:\IPH.PH
[2010/02/07 16:33:32 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/02/05 16:57:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/05 16:57:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/04 17:43:16 | 000,026,068 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/22 21:05:45 | 043,368,432 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Copy of Final Brochure Front.psd
[2010/02/21 15:13:09 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/02/20 20:09:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/20 15:57:05 | 054,111,794 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Final Brochure Back.psd
[2010/02/19 22:11:50 | 056,718,783 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Final Brochure Front.psd
[2010/02/19 21:23:35 | 003,635,951 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\11x8.5_trifold_out.psd
[2010/02/19 21:23:34 | 003,755,343 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\11x8.5_trifold_in.psd
[2010/02/19 18:13:10 | 000,467,118 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\family hair 09.jpg
[2010/02/18 18:55:59 | 011,994,663 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Brochure.psd
[2010/02/18 15:42:57 | 000,397,913 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\brochure_by_xwaNiex.jpg
[2010/02/16 18:32:21 | 000,987,136 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\brochure (1).doc
[2010/02/16 17:34:41 | 000,183,078 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\sunn.bmp
[2010/02/16 17:34:32 | 000,054,356 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\sunsetpicture.jpg
[2010/02/16 17:34:17 | 000,528,110 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\shop pic.jpg
[2010/02/11 13:41:25 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/07 16:33:32 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/02/07 16:33:04 | 000,000,457 | -H-- | C] () -- C:\IPH.PH
[2010/02/04 17:43:16 | 000,026,068 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/16 14:56:12 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/22 18:07:35 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 10:41:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/08 21:26:30 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/11/13 19:00:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/13 19:00:54 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/13 19:00:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/11/13 19:00:48 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/11/13 18:54:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/13 18:43:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/11/13 18:36:40 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/11/05 20:18:24 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2004/12/03 08:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/23 03:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/21 10:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 07:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/30 08:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/13 20:39:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/13 20:39:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/13 20:39:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/13 20:39:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 09:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/03/22 14:49:39 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/03/22 14:49:39 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >



Edited by syler, 25 February 2010 - 03:48 PM.
Post OTL log


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:09 PM

Posted 25 February 2010 - 03:56 PM

Hi,

Please post your logs when replying; it makes them easier to review, thanks.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#5 Shady1475

Shady1475
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 25 February 2010 - 05:41 PM

Combofix Log

ComboFix 10-02-25.02 - Jeremy Van Pelt 02/25/2010 16:10:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1483 [GMT -6:00]
Running from: c:\documents and settings\Jeremy Van Pelt\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\srchasst\nls302en.lex
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 00:16 . 2005-12-05 16:54 61440 ----a-w- c:\windows\system32\KPower.dll
2010-02-23 02:17 . 2010-02-23 02:18 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-02-21 21:01 . 2010-02-21 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-21 21:01 . 2010-02-21 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-21 19:06 . 2010-02-21 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-02-21 02:09 . 2010-02-21 18:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-20 16:46 . 2010-02-20 16:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-17 00:19 . 2010-02-17 01:00 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Application Data\GetRightToGo
2010-02-15 15:33 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-14 20:00 . 2010-02-14 20:00 -------- d-----r- C:\MSOCache
2010-02-14 19:21 . 2010-02-14 19:21 -------- d-----w- c:\program files\MSXML 4.0
2010-02-14 19:08 . 2010-02-14 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2010-02-14 17:54 . 2010-02-14 17:54 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\Microsoft Help
2010-02-14 17:54 . 2010-02-17 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-11 19:40 . 2010-02-11 19:40 -------- d-----w- c:\program files\iPod
2010-02-07 22:33 . 2010-02-07 22:33 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Application Data\acccore
2010-02-07 22:33 . 2010-02-07 22:37 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\AIM
2010-02-07 22:33 . 2010-02-07 22:33 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\AOL
2010-02-07 22:33 . 2010-02-07 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-02-07 22:33 . 2010-02-07 22:33 -------- d-----w- c:\program files\AIM
2010-02-07 22:33 . 2010-02-07 22:33 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-02-07 22:33 . 2010-02-07 22:33 -------- d-----w- c:\program files\Common Files\AOL
2010-02-04 23:43 . 2010-02-04 23:43 26068 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-31 16:54 . 2010-02-05 12:06 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\Cooliris
2010-01-27 12:13 . 2010-02-25 18:13 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 00:16 . 2009-11-14 00:36 -------- d-----w- c:\program files\Dell
2010-02-22 04:44 . 2010-01-22 03:47 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Application Data\U3
2010-02-21 19:06 . 2010-02-21 19:06 89 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A6880CA784EC6BE4C93CC4654D722F1E.dll
2010-02-17 03:10 . 2009-12-22 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-17 01:36 . 2009-11-14 02:35 82864 ----a-w- c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 01:30 . 2009-11-14 01:03 11759 ----a-w- c:\windows\system32\nvModes.dat
2010-02-14 19:24 . 2009-11-14 01:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-11 19:41 . 2009-11-14 02:32 -------- d-----w- c:\program files\iTunes
2010-02-11 19:40 . 2009-11-14 02:30 -------- d-----w- c:\program files\Common Files\Apple
2010-02-11 19:37 . 2009-11-14 02:31 -------- d-----w- c:\program files\QuickTime
2010-02-11 19:33 . 2010-02-11 19:33 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-21 22:00 . 2010-01-21 21:56 -------- d-----w- c:\program files\BumpTop
2010-01-21 21:56 . 2010-01-21 21:56 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Application Data\Bump Technologies, Inc
2010-01-19 00:02 . 2010-01-19 00:02 -------- d-----w- c:\documents and settings\Jeremy Van Pelt\Application Data\Move Networks
2010-01-19 00:02 . 2010-01-19 00:02 144160 ----a-w- c:\documents and settings\Jeremy Van Pelt\Application Data\Move Networks\uninstall.exe
2010-01-19 00:02 . 2009-12-10 21:23 4183416 ----a-w- c:\documents and settings\Jeremy Van Pelt\Application Data\Move Networks\plugins\npqmp071503000010.dll
2010-01-18 19:52 . 2010-01-18 19:52 -------- d-----w- c:\program files\Pure Networks
2010-01-18 19:51 . 2010-01-16 20:56 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-01-18 19:51 . 2010-01-18 19:51 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-01-16 21:07 . 2010-01-16 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-01-16 21:06 . 2010-01-16 21:06 -------- d-----w- c:\program files\Linksys
2010-01-16 20:56 . 2010-01-16 20:56 -------- d-----w- c:\program files\WebEx
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-11-13 23:30 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\Jeremy Van Pelt\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-09 01:45 . 2009-11-14 01:13 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 19:27 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 22:14 . 2009-12-12 01:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-12-12 01:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-14 135664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-08 7118848]
"nwiz"="nwiz.exe" [2005-09-08 1519616]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"razer"="c:\program files\Razer\CopperHead\razerhid.exe" [2005-08-16 155648]
"Acrobat Assistant 8.0"="e:\program files\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-30 624248]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/13/2009 7:13 PM 108289]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [12/20/2009 11:09 AM 11372]
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844237615-839522115-1004Core.job
- c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 02:08]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844237615-839522115-1004UA.job
- c:\documents and settings\Jeremy Van Pelt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 02:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - e:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {036433A0-39D0-4FB9-9187-E0BECD0FEB74} = 93.188.164.68,93.188.161.85
TCP: {4237703F-9D95-4FAC-91B0-9E44D8289E19} = 93.188.164.68,93.188.161.85
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff - c:\program files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
AddRemove-Adobe_6c8e2cb4fd241c55406016127a6ab2e - c:\program files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 16:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8A6BD8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba71cb3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Broadcom 570x Gigabit Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xba60dbb0
PacketIndicateHandler -> NDIS.sys @ 0xba61aa21
SendHandler -> NDIS.sys @ 0xba5f887b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(476)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Razer\CopperHead\razertra.exe
c:\program files\Razer\CopperHead\razerofa.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2010-02-25 16:25:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-25 22:25

Pre-Run: 140,724,576,256 bytes free
Post-Run: 141,431,136,256 bytes free

- - End Of File - - 89688D5F69132E032576803BF0488742


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:09 PM

Posted 25 February 2010 - 05:47 PM

We need to replace a file using the recovery console.

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
CMD /K COPY C:\WINDOWS\ServicePackFiles\i386\atapi.sys C:\atapi.sys
  • The command prompt should pop up and say 1 file(s) copied; if it doesn't, please let me know before continuing.



Reboot your computer.

On the black screen with the startup menu select Microsoft Windows Recovery Console.

When the recovery console has started there is a menu where you're asked to select which Windows installation you want to log in to; usually there is only one:

1. C:\WINDOWS

select the number and press Enter

If it asks you to type the administrator password, do so, then press Enter.

It should then come up with C:\WINDOWS>

Now type in the following line, then press Enter.

COPY C:\atapi.sys C:\windows\system32\drivers\atapi.sys

It will then ask if you want to overwrite atapi.sys, press Y then Enter

If successful it should say "1 file(s) copied"

Then type EXIT and press Enter to reboot the machine.


  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c mbr -t& start mbr.log
  • A file called mbr.log will pop up; please post the contents in your reply.

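A check that goes with the file replacement above, added here as an example and not part of syler's instructions or of any tool used in the thread: it hashes the installed atapi.sys against the copy in ServicePackFiles\i386 (the one the recovery-console step restores from) and the copy in dllcache, so you can see before the reboot whether the driver on disk actually differs from the cached original, and afterwards whether the replacement took. The path table, function names and the temporary files used in the usage below are this example's own; nothing is read from a real machine unless you point it at one.

```python
"""Check whether the installed atapi.sys differs from the copies Windows keeps.

Added example, not code from the thread or from any of the tools it uses.
It hashes the driver in system32\\drivers against the ServicePackFiles\\i386
copy (the reference the recovery-console step restores from) and the
dllcache copy.  Paths are the Windows XP defaults.
"""
import hashlib
from pathlib import Path

# The three places XP keeps a protected driver.  sp_cache is the reference.
DEFAULT_LOCATIONS = {
    "installed": Path(r"C:\WINDOWS\system32\drivers\atapi.sys"),
    "dllcache":  Path(r"C:\WINDOWS\system32\dllcache\atapi.sys"),
    "sp_cache":  Path(r"C:\WINDOWS\ServicePackFiles\i386\atapi.sys"),
}


def sha256_of(path, chunk_size=1 << 16):
    """SHA-256 of a file, read in chunks so a large driver never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def compare_driver_copies(locations, reference="sp_cache"):
    """Hash every copy that exists and mark whether it matches the reference copy.

    Returns {name: None} for a missing file, otherwise
    {name: {"size": int, "sha256": str, "matches_reference": bool}}.
    """
    report = {}
    for name, path in locations.items():
        path = Path(path)
        if path.is_file():
            report[name] = {"size": path.stat().st_size, "sha256": sha256_of(path)}
        else:
            report[name] = None
    ref = report.get(reference)
    for info in report.values():
        if info is not None:
            info["matches_reference"] = ref is not None and info["sha256"] == ref["sha256"]
    return report


def suspicious_copies(report, reference="sp_cache"):
    """Names of the copies whose bytes differ from the reference: the ones to replace."""
    return sorted(name for name, info in report.items()
                  if info is not None and name != reference and not info["matches_reference"])


if __name__ == "__main__":
    # Caveat: this reads through the running kernel.  A kernel-mode rootkit that
    # filters disk I/O can hand user mode the original bytes while the on-disk
    # file is patched, so "no difference" only means something from a clean
    # boot (recovery console, offline media).  That is why the copy is done offline.
    report = compare_driver_copies(DEFAULT_LOCATIONS)
    for name, info in report.items():
        print(name, "missing" if info is None else
              "%d bytes sha256=%s match=%s" % (info["size"], info["sha256"][:16],
                                                info["matches_reference"]))
    print("replace:", suspicious_copies(report) or "nothing")
```

The same limitation is why the mbr tool reports both a "user" and a "kernel" read of the MBR: it reads the sector through the normal API and again directly through the lower disk stack, and a rootkit hooking the stack shows up as a mismatch between the two. Run the comparison once from the live system and once from a boot where the suspect driver is not loaded; only agreement between both runs is worth much.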


#7 Shady1475

  • Topic Starter
  • Members
  • 32 posts

Posted 25 February 2010 - 06:13 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 25 February 2010 - 06:20 PM

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\S-1-5-21-842925246-1844237615-839522115-1004..\Run: [TOY5KNQ8OC] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\Zzj.exe File not found
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O33 - MountPoints2\{6494598d-f498-11de-9b06-001143750ede}\Shell\AutoRun\command - "" = wscript.exe autorun.js
    O33 - MountPoints2\{6494598d-f498-11de-9b06-001143750ede}\Shell\sync\command - "" = wscript.exe autorun.js
    :Commands
    [purity]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • MBAM log

Thanks

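The O33 lines in the fix above are Explorer's MountPoints2 cache of an autorun.inf that launched wscript.exe autorun.js from a removable drive, and the O6/O7 lines in the OTL log later in the thread (NoDriveTypeAutoRun = 323, 145 and 36, NoDriveAutoRun = 67108863, HonorAutoRunSetting = 1) are the policy that decides whether such a file runs at all. The following is an added example, not code from the thread, from OTL or from Flash_Disinfector: it parses an autorun.inf (the sample text is constructed to reproduce the thread's two O33 entries), shows the MountPoints2 verbs Explorer would cache from it, flags commands that invoke a script host, and decodes the two policy bitmasks. The drive-type bit layout is Microsoft's documented NoDriveTypeAutoRun layout; the list of script hosts is this example's own choice.

```python
"""Parse an autorun.inf the way Explorer caches it under MountPoints2, flag
script-host commands, and decode the AutoRun policy values from the OTL log.

Added example, not code from the thread, from OTL or from Flash_Disinfector.
The autorun.inf text below is constructed to reproduce the two O33 entries
in the OTL fix; the policy values are the ones the OTL log reports.
"""
import re

# Drive-type bits of NoDriveTypeAutoRun (a set bit disables AutoRun for that type).
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable",
    0x08: "fixed", 0x10: "remote", 0x20: "cdrom", 0x40: "ramdisk",
}
# Interpreters that should never be the command behind a removable drive's AutoRun
# (this example's own list).
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "cmd", "rundll32", "powershell")
SCRIPT_EXTS = (".js", ".vbs", ".vbe", ".jse", ".wsf", ".bat", ".cmd", ".hta")


def parse_autorun_inf(text):
    """Key/value pairs of the [autorun] section, keys lower-cased as Explorer treats them."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment in autorun.inf
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def mountpoints2_view(entries):
    """Map autorun.inf keys onto the Shell\\<verb>\\command subkeys Explorer caches under
    HKCU\\...\\Explorer\\MountPoints2\\{volume}.  'open'/'shellexecute' become the AutoRun verb."""
    verbs = {}
    for key, value in entries.items():
        if key in ("open", "shellexecute"):
            verbs["Shell\\AutoRun\\command"] = value
        else:
            m = re.fullmatch(r"shell\\([^\\]+)\\command", key)
            if m:
                verbs["Shell\\%s\\command" % m.group(1)] = value
    return verbs


def is_script_host_command(command):
    """True when the command invokes a script interpreter or names a script file."""
    tokens = command.lower().replace('"', "").split()
    if not tokens:
        return False
    exe = tokens[0].rsplit("\\", 1)[-1]
    if exe.endswith(".exe"):
        exe = exe[:-4]
    return exe in SCRIPT_HOSTS or any(t.endswith(SCRIPT_EXTS) for t in tokens)


def flag_autorun_commands(text):
    """Cached verbs whose command is a script host, keyed the way OTL's O33 lines show them."""
    verbs = mountpoints2_view(parse_autorun_inf(text))
    return {verb: cmd for verb, cmd in verbs.items() if is_script_host_command(cmd)}


def decode_no_drive_type_autorun(value):
    """Drive types for which AutoRun is disabled by a NoDriveTypeAutoRun bitmask."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if value & bit}


def decode_no_drive_autorun(value):
    """Drive letters for which AutoRun is disabled by a NoDriveAutoRun bitmask (bit 0 = A:)."""
    return {chr(ord("A") + i) for i in range(26) if value & (1 << i)}


def autorun_allowed(no_drive_type, drive_type, no_drive=0, letter=None):
    """Would Explorer honour autorun.inf on a drive of this type/letter under these values?
    When both HKLM and HKCU carry a value, Windows gives the HKLM policy precedence."""
    if drive_type in decode_no_drive_type_autorun(no_drive_type):
        return False
    if letter and letter.upper() in decode_no_drive_autorun(no_drive):
        return False
    return True


# Constructed sample reproducing the thread's O33 entries (wscript.exe autorun.js).
SAMPLE_AUTORUN_INF = """\
[AutoRun]
open=wscript.exe autorun.js
shell\\sync=&Sync files
shell\\sync\\command=wscript.exe autorun.js
icon=setup.exe,0
"""

if __name__ == "__main__":
    for verb, cmd in flag_autorun_commands(SAMPLE_AUTORUN_INF).items():
        print("suspicious:", verb, "=", cmd)
    # Values from the OTL log: HKLM 323, the service accounts 145, the user 36.
    for v in (323, 145, 36):
        print(v, "disables AutoRun for", sorted(decode_no_drive_type_autorun(v)))
    print("NoDriveAutoRun 67108863 disables", len(decode_no_drive_autorun(67108863)), "letters")
```

Decoding the thread's own values: 323 (0x143) and 145 (0x91) leave the removable-drive bit (0x04) clear, so by themselves they would not have stopped a USB stick's AutoRun; the user's 36 (0x24) does clear removable and CD-ROM, and NoDriveAutoRun = 67108863 (0x3FFFFFF) disables AutoRun for every drive letter A to Z. HonorAutoRunSetting = 1 is the value Microsoft's AutoRun update (KB967715) adds so that Windows XP actually enforces these bits. MountPoints2 entries are Explorer's cache of what it read from the volume, so they outlive the drive that carried the file; that is why the fix deletes the registry keys rather than a file.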


#9 Shady1475

  • Topic Starter
  • Members
  • 32 posts

Posted 26 February 2010 - 07:33 PM

Where does OTL save the log files? I can't find the results file from the Custom Scans/Fixes run.

Edited by Shady1475, 26 February 2010 - 07:34 PM.


#10 Shady1475

  • Topic Starter
  • Members
  • 32 posts

Posted 26 February 2010 - 08:34 PM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC not found.
Starting removal of ActiveX control {02BCC737-B171-4746-94C9-0D8A0B2C0089}
C:\WINDOWS\Downloaded Program Files\ieawsdc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6494598d-f498-11de-9b06-001143750ede}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6494598d-f498-11de-9b06-001143750ede}\ not found.
File wscript.exe autorun.js not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6494598d-f498-11de-9b06-001143750ede}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6494598d-f498-11de-9b06-001143750ede}\ not found.
File wscript.exe autorun.js not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jeremy Van Pelt
->Temp folder emptied: 4669 bytes
->Temporary Internet Files folder emptied: 24325910 bytes
->Java cache emptied: 28687360 bytes
->Google Chrome cache emptied: 146261054 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 29438816 bytes

Total Files Cleaned = 220.00 mb


OTL by OldTimer - Version 3.1.30.2 log created on 02262010_182309

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.42
Database version: 3348
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/26/2010 7:32:19 PM
mbam-log-2010-02-26 (19-32-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 195466
Time elapsed: 59 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#11 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 26 February 2010 - 08:44 PM

Your version of MalwareBytes is well outdated; please update it and run a new scan. Can you also tell me if you are still having any problems, and post a new OTL log.



#12 Shady1475

  • Topic Starter
  • Members
  • 32 posts

Posted 26 February 2010 - 10:02 PM

I am running MBAM 1.44 now. I cannot update MBAM as I get a message telling me that the link is broken. I can't even go to the site. I got a newer version from CNET though. I don't know if it's being blocked by malware or a virus or what. Which OTL scan do I need to run?

#13 Shady1475

  • Topic Starter
  • Members
  • 32 posts

Posted 27 February 2010 - 01:39 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/26/2010 9:56:15 PM
mbam-log-2010-02-26 (21-56-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 198705
Time elapsed: 53 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{63837EE4-6E7E-4D24-A15F-F6DB4E7B90A6}\RP137\A0023560.sys (Malware.Trace) -> Quarantined and deleted successfully.


OTL logfile created on: 2/27/2010 12:32:00 AM - Run 2
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Jeremy Van Pelt\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.99 Gb Total Space | 131.98 Gb Free Space | 88.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 130.99 Gb Free Space | 56.25% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Jeremy Van Pelt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/24 20:01:10 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\OTL.exe
PRC - [2010/02/05 12:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/12/22 14:01:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/11/13 20:28:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/29 22:14:29 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/06/29 12:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/09/08 17:58:00 | 000,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/08/16 15:21:34 | 000,155,648 | ---- | M] () -- C:\Program Files\Razer\CopperHead\razerhid.exe
PRC - [2005/07/22 15:02:46 | 000,159,744 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\CopperHead\razerofa.exe
PRC - [2005/07/22 15:00:04 | 000,147,456 | ---- | M] () -- C:\Program Files\Razer\CopperHead\razertra.exe
PRC - [2005/01/14 19:54:48 | 000,479,232 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2004/11/30 19:09:34 | 000,253,952 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/14 04:13:58 | 000,450,560 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2004/09/13 11:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/19 09:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2010/02/24 20:01:10 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\OTL.exe
MOD - [2005/09/08 17:58:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/09/08 17:58:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/22 14:01:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 20:28:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/13 16:56:46 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/09/08 17:58:00 | 000,127,044 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/19 17:24:20 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/01 11:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/08 19:45:10 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/13 18:57:47 | 000,017,056 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/26 22:40:06 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 10:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/09/08 17:58:00 | 003,210,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/09 11:50:36 | 000,011,372 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Razerlow.sys -- (Razerlow)
DRV - [2005/03/22 14:49:09 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2005/01/25 15:55:08 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/17 13:13:28 | 000,098,304 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2005/01/08 18:15:40 | 000,051,582 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/01/07 06:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/22 04:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/12/16 10:30:14 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2004/11/16 15:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/11/16 10:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 13:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/10/21 15:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/05 03:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/09 10:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2004/06/21 11:40:48 | 000,051,088 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004/06/21 11:40:48 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/06/17 15:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 15:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/17 12:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/10/17 06:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-842925246-1844237615-839522115-1004\S-1-5-21-842925246-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/02/25 16:18:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-842925246-1844237615-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [razer] C:\Program Files\Razer\CopperHead\razerhid.exe ()
O4 - HKU\S-1-5-21-842925246-1844237615-839522115-1004..\Run: [Google Update] C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1844237615-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-842925246-1844237615-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-842925246-1844237615-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1266171995656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.93.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/13 17:35:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/26 18:15:49 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/26 18:15:49 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/13 10:40:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891835792228352)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 18:23:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/26 18:15:49 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/02/25 17:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/02/25 17:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\My Documents\AnyDVDHD
[2010/02/25 17:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/02/25 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010/02/25 17:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/02/25 17:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Logs
[2010/02/25 16:49:53 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/02/25 16:46:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/25 16:43:01 | 001,718,272 | ---- | C] (AniPaper.com) -- C:\WINDOWS\System32\AnipUninst1.exe
[2010/02/25 16:06:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/25 16:05:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/25 16:05:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/25 16:05:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/25 16:05:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/25 16:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/25 16:05:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/24 20:01:09 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\OTL.exe
[2010/02/24 18:16:34 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\KPower.dll
[2010/02/22 20:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2010/02/21 15:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/21 13:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/02/20 10:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/19 17:24:20 | 000,104,768 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/02/16 18:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Application Data\GetRightToGo
[2010/02/15 09:33:58 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/15 09:33:58 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/14 14:00:34 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/02/14 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/14 13:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/02/14 13:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/14 11:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Microsoft Help
[2010/02/14 11:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/11 13:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/07 16:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Application Data\acccore
[2010/02/07 16:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\AIM
[2010/02/07 16:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\AOL
[2010/02/07 16:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/07 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/07 16:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/02/07 16:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/01/31 10:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\Cooliris
[2009/11/18 13:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/11/13 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/13 17:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/13 17:35:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/13 17:35:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/27 00:18:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844237615-839522115-1004UA.job
[2010/02/26 21:58:32 | 000,011,759 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/26 21:58:06 | 000,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/26 21:57:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/26 21:57:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/26 21:56:52 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\NTUSER.DAT
[2010/02/26 21:56:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\ntuser.ini
[2010/02/26 12:18:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1844237615-839522115-1004Core.job
[2010/02/25 17:32:51 | 000,063,996 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/25 17:23:09 | 000,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/02/25 17:21:05 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/02/25 17:20:45 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2010/02/25 16:18:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/25 16:18:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/25 16:06:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/24 20:01:10 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\OTL.exe
[2010/02/24 19:39:01 | 054,111,794 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Final Brochure Back.psd
[2010/02/24 13:38:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/22 21:48:03 | 043,368,432 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Copy of Final Brochure Front.psd
[2010/02/21 22:27:32 | 056,718,783 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Final Brochure Front.psd
[2010/02/21 12:49:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/21 11:59:47 | 000,467,118 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\family hair 09.jpg
[2010/02/20 13:20:29 | 002,927,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 17:24:20 | 000,104,768 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/02/18 21:13:17 | 011,994,663 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Brochure.psd
[2010/02/18 15:42:57 | 000,397,913 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\brochure_by_xwaNiex.jpg
[2010/02/16 19:36:10 | 000,082,864 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/16 19:30:33 | 000,011,759 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/16 18:32:22 | 000,987,136 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\brochure (1).doc
[2010/02/16 17:34:41 | 000,183,078 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\sunn.bmp
[2010/02/16 17:34:32 | 000,054,356 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\sunsetpicture.jpg
[2010/02/16 17:34:17 | 000,528,110 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\shop pic.jpg
[2010/02/14 14:03:39 | 000,000,490 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/14 13:46:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/11 21:15:45 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Google Chrome.lnk
[2010/02/11 07:23:30 | 005,362,822 | -H-- | M] () -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\IconCache.db
[2010/02/11 05:37:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/07 16:33:36 | 000,000,457 | -H-- | M] () -- C:\IPH.PH
[2010/02/05 16:57:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2010/02/25 17:23:09 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/02/25 17:21:05 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/02/25 17:20:45 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2010/02/25 16:06:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/25 16:06:54 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/25 16:05:47 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/25 16:05:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/25 16:05:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/25 16:05:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/25 16:05:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/22 21:05:45 | 043,368,432 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Copy of Final Brochure Front.psd
[2010/02/20 20:09:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/20 15:57:05 | 054,111,794 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Final Brochure Back.psd
[2010/02/19 22:11:50 | 056,718,783 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Final Brochure Front.psd
[2010/02/19 21:23:35 | 003,635,951 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\11x8.5_trifold_out.psd
[2010/02/19 21:23:34 | 003,755,343 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\11x8.5_trifold_in.psd
[2010/02/19 18:13:10 | 000,467,118 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\family hair 09.jpg
[2010/02/18 18:55:59 | 011,994,663 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\Brochure.psd
[2010/02/18 15:42:57 | 000,397,913 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\brochure_by_xwaNiex.jpg
[2010/02/16 18:32:21 | 000,987,136 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\brochure (1).doc
[2010/02/16 17:34:41 | 000,183,078 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\sunn.bmp
[2010/02/16 17:34:32 | 000,054,356 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\sunsetpicture.jpg
[2010/02/16 17:34:17 | 000,528,110 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Desktop\shop pic.jpg
[2010/02/07 16:33:04 | 000,000,457 | -H-- | C] () -- C:\IPH.PH
[2010/02/04 17:43:16 | 000,063,996 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/16 14:56:12 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/22 18:07:35 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Jeremy Van Pelt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 10:41:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/08 21:26:30 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/11/13 19:00:55 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/13 19:00:54 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/13 19:00:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/11/13 19:00:48 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/11/13 18:54:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/13 18:43:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/11/13 18:36:40 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/11/05 20:18:24 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2004/12/03 08:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/23 03:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/21 10:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 07:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/30 08:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/13 20:39:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/13 20:39:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/13 20:39:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/13 20:39:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 09:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/03/22 14:49:39 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/03/22 14:49:39 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >


#14 Shady1475

Shady1475
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 27 February 2010 - 12:31 PM

On top of not being able to access the MBAM website, I cannot access my router settings either. It's like I'm being blocked from altering my settings.

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:09 PM

Posted 27 February 2010 - 04:43 PM

Try resetting your router and let me know if you still have any problems.
