Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde.sci Infection


  • This topic is locked This topic is locked
76 replies to this topic

#1 koin

koin

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 04 September 2010 - 04:30 AM

Hello, my name is koin and I need a prescription for my virus.



Around a week ago I powered on this PC after it has been shut off for a month, only to discover my 'Norton AntiVirus Online' (Which came free from my ISP) had a problem updating saying contact my ISP. I began a chat to chat with a technician who sent me a link to download a fresh Antivirus, installation process failed with no error. Assuming I have a virus I then asked the tech guy what I have to do next and he told me they dont help customers with viruses and I need to contact my computer manufacturer.

I Downloaded the AVG AntiVirus free edition but couldnt get the passed installation because it would get stuck half way, showing the estimated end time which kept bouncing around. Tried twice more along with a new download from different source but same problem and no error.
I then tried MBAM which gave me an error after I chose to run the installer, ( Can't remember error ).
Next up for me was Spybot Search & Destroy which I assumed would have a problem somewhere along the line, everything was fine until I chose to fix the issues and it got half way through that when my computer rebooted itself out of nowhere, Before I could open my start menu or anything, it opend spybot and appeared to continue its removal but I didnt notice for a couple hours that it got stuck half way, update bar looking all glitched out and one name under the update bar, called 'Virtumonde.sci'

After some google research I discovered what I'm dealing with.

I followed the Prep Guide,
DeFogger succeeded its job.
DDS failed with 'An unknown error occurred. The program will be terminated'
GMER succeeded.

Attached Files

  • Attached File  ark.txt   2.78KB   7 downloads


BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:21 AM

Posted 12 September 2010 - 07:43 AM

Hello and welcome to Bleeping Computer. smile.gif

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.



===================================


We're so sorry about the delay, do you still need help?


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 koin

koin
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 13 September 2010 - 06:43 AM

Thank you.

Unaware that this topic has been replied to, I began the procedure's in the
'How to use HijackThis to remove Browser Hijackers & Spyware', I made it
just passed the Figure 4. Scan results when It instructed me to create a new
topic which is when I discovered your reply to this topic. Have not yet pasted
my HijackThis Log and will not make any further changes to the computer
until instructed.

Edited by koin, 13 September 2010 - 06:45 AM.


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:21 AM

Posted 13 September 2010 - 07:46 AM

We need to create a New FULL OTL Report
  1. Please download OTL from here if you have not done so already:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Change the "Extra Registry" option to "SafeList"
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 koin

koin
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 13 September 2010 - 08:04 AM

May I need to reformat ?


OTL logfile created on: 9/13/2010 6:00:34 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Big Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.48 Gb Total Space | 88.99 Gb Free Space | 64.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOG
Current User Name: Big Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 05:59:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Bill\Desktop\OTL.exe
PRC - [2010/08/30 14:57:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2005/04/29 18:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005/04/29 18:18:24 | 000,131,136 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/04/29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004/11/30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2003/11/14 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/13 05:59:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Bill\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/12/01 12:31:42 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/11/14 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - File not found [Unknown | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe -- (NAV)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2005/04/29 18:21:06 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005/04/29 18:18:24 | 000,131,136 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005/04/29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2005/01/26 12:47:42 | 000,065,604 | ---- | M] (Boingo Wireless, Inc.) [Disabled | Stopped] -- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe -- (EarthLinkMonitor)
SRV - [2004/11/30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100711.002\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100711.002\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100709.001\IDSxpx86.sys -- (IDSxpx86)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\exportit.sys -- (Exportit)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\DcPTP.sys -- (DcPTP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\DcLps.sys -- (DcLps)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\dcfs2k.sys -- (DCFS2K)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\DcCam.sys -- (DcCam)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BIGBIL~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/12 13:03:34 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/06/29 16:55:56 | 001,966,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/05/17 10:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2005/04/06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/04/06 03:22:20 | 000,100,096 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NVTCP.SYS -- (NVTCP)
DRV - [2004/11/01 15:16:34 | 000,017,536 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BW2NDIS5.SYS -- (BW2NDIS5)
DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/11/08 15:24:17 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2003/11/07 02:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 02:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 06:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://qwest.msn.com/ [binary data]
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-1229272821-682003330-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\FireFox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\
FF - HKLM\software\mozilla\FireFox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/01 03:14:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/30 14:57:24 | 000,000,000 | ---D | M]

[2010/02/08 18:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Bill\Application Data\Mozilla\Extensions
[2010/09/08 14:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Bill\Application Data\Mozilla\Firefox\Profiles\od15y8le.default\extensions
[2010/08/29 22:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Big Bill\Application Data\Mozilla\Firefox\Profiles\od15y8le.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/08 14:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/30 04:36:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober4517031.gif
[2010/03/26 23:24:21 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober4517031.src

O1 HOSTS File: ([2010/08/29 13:43:36 | 000,416,890 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14390 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {21608B66-026F-4DCB-9244-0DACA328DCED} - No CLSID value found.
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IE_PopupBlocker Class) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - No CLSID value found.
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D7293762-9884-48E2-B836-E0195B9D91D0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\WebBrowser: (no name) - {D7293762-9884-48E2-B836-E0195B9D91D0} - No CLSID value found.
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\.DEFAULT..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: isamonitor.exe = C:\Program Files\Key Generator\isamonitor.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: pmsngr.exe = C:\Program Files\Key Generator\pmsngr.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk ()
O9 - Extra 'Tools' menuitem : Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\System32\VetRedir.dll File not found
O15 - HKLM\..Trusted Domains: net-nucleus.com ([awbeta] http in Trusted sites)
O15 - HKLM\..Trusted Domains: net-nucleus.com ([awbeta] https in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..Trusted Domains: //@mail.mar@/ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O15 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..Trusted Domains: //@signup.mar@/ ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dog
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - c:\program files\relevantknowledge\rlls.dll - c:\program files\relevantknowledge\rlls.dll File not found
O22 - SharedTaskScheduler: {588599f4-de26-4c28-ba14-f4eb17e33481} - emptins - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Big Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Big Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/20 16:05:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9dec7d34-edeb-11de-9b85-0013d49e3795}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/13 05:59:43 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Big Bill\Desktop\OTL.exe
[2010/09/13 03:41:42 | 000,139,112 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Big Bill\Desktop\322756.exe
[2010/09/12 20:54:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Big Bill\Recent
[2010/09/12 12:45:57 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Big Bill\Desktop\ccsetup235.exe
[2010/09/12 08:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/12 06:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/04 01:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/09/03 20:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\Desktop\gmer
[2010/08/31 19:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\iKnowPS
[2010/08/30 15:08:02 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/30 14:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\Local Settings\Application Data\Deployment
[2010/08/30 09:39:51 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2010/08/30 09:39:50 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/08/30 09:39:50 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/08/30 09:39:43 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/08/30 09:39:40 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/08/30 09:39:40 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/08/30 09:39:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/08/30 09:39:39 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2010/08/30 09:39:39 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/08/30 09:39:36 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2010/08/30 09:39:36 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2010/08/30 09:39:35 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2010/08/30 09:39:35 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2010/08/30 09:39:35 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2010/08/30 09:39:34 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2010/08/30 09:39:34 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2010/08/30 09:39:34 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2010/08/30 09:39:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2010/08/30 09:39:33 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2010/08/30 09:39:33 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/08/30 09:39:32 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/08/30 09:39:32 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2010/08/30 09:39:32 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2010/08/30 09:39:32 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2010/08/30 09:39:23 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2010/08/30 09:39:23 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/08/30 09:39:23 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2010/08/30 09:39:23 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2010/08/30 09:39:22 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2010/08/30 09:39:22 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2010/08/30 09:39:22 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2010/08/30 09:39:21 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2010/08/30 09:39:21 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2010/08/30 09:39:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2010/08/30 09:39:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010/08/30 09:38:39 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/08/30 09:38:39 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/08/30 09:38:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2010/08/30 09:38:39 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/08/30 09:38:39 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/08/30 09:38:38 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/08/30 09:38:38 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/08/30 09:38:38 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010/08/30 09:38:37 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/08/30 09:38:37 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010/08/30 09:38:37 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010/08/30 09:38:37 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010/08/30 09:38:37 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/08/30 09:38:36 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/08/30 09:38:36 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/08/30 09:38:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/08/30 09:38:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010/08/30 09:38:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010/08/30 09:38:35 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/08/30 09:38:35 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/08/30 09:38:35 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/08/30 09:38:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/08/30 09:38:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010/08/30 09:38:24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/08/30 08:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/30 07:17:49 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Big Bill\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/30 05:01:18 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/08/30 04:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/30 04:36:35 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/30 04:36:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/30 04:36:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/30 04:36:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/29 18:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\Desktop\New Foldr
[2010/08/29 17:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\Local Settings\Application Data\NPE
[2010/08/29 15:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\Application Data\DriverCure
[2010/08/29 15:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\Application Data\ParetoLogic
[2010/08/29 15:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/08/29 14:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\Application Data\Malwarebytes
[2010/08/29 14:13:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/29 14:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/29 14:13:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/29 14:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/29 13:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/08/29 11:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\My Documents\Symantec
[2010/08/29 10:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Bill\Local Settings\Application Data\Symantec
[2010/08/29 10:02:01 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/13 06:00:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D3BF0B9B-FD6C-4DB5-8823-371E0E608EF8}.job
[2010/09/13 06:00:00 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CA37A5AC-137B-4FDB-8D63-8013484D13A9}.job
[2010/09/13 05:59:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Bill\Desktop\OTL.exe
[2010/09/13 05:12:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/13 04:01:46 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Big Bill\Desktop\HiJackThis.lnk
[2010/09/13 04:00:12 | 000,000,746 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/13 04:00:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/09/13 04:00:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/13 03:59:43 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/09/13 03:59:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/13 03:59:16 | 2147,004,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/13 03:58:15 | 005,881,856 | ---- | M] () -- C:\Documents and Settings\Big Bill\ntuser.dat
[2010/09/13 03:58:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Big Bill\ntuser.ini
[2010/09/13 03:58:14 | 002,255,804 | -H-- | M] () -- C:\Documents and Settings\Big Bill\Local Settings\Application Data\IconCache.db
[2010/09/13 03:41:42 | 000,139,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Big Bill\Desktop\322756.exe
[2010/09/13 00:32:35 | 000,004,696 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/12 12:46:28 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Big Bill\Desktop\ccsetup235.exe
[2010/09/12 11:45:54 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Big Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 03:37:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/09 03:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/09/08 16:08:32 | 000,000,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/09/05 02:14:52 | 000,001,318 | ---- | M] () -- C:\WINDOWS\maxlink.ini
[2010/09/03 20:09:52 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Big Bill\Desktop\gmer.zip
[2010/08/31 12:53:14 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/08/30 11:03:59 | 000,055,408 | ---- | M] () -- C:\Documents and Settings\Big Bill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/30 11:03:14 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/30 08:38:38 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Big Bill\Desktop\CCleaner.lnk
[2010/08/30 07:32:10 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2010/08/30 07:17:50 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Big Bill\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/30 00:34:06 | 000,520,908 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/30 00:34:06 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/30 00:34:06 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/29 23:28:49 | 000,000,020 | ---- | M] () -- C:\WINDOWS\calera.ini
[2010/08/29 23:27:00 | 000,000,011 | ---- | M] () -- C:\WINDOWS\PrintWorkShop2006.ini
[2010/08/29 23:19:18 | 000,000,892 | ---- | M] () -- C:\WINDOWS\disney.ini
[2010/08/29 20:06:20 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\Big Bill\Desktop\Counter-Strike.url
[2010/08/29 19:56:27 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/08/29 19:29:07 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2010/08/29 19:04:19 | 005,457,920 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/08/29 19:04:19 | 004,121,600 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/08/29 16:57:53 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2010/08/29 14:10:23 | 000,001,223 | ---- | M] () -- C:\WINDOWS\WinInit.Ini
[2010/08/29 13:43:36 | 000,416,890 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/13 03:59:16 | 2147,004,416 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/13 00:32:34 | 000,004,696 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/12 08:13:53 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Big Bill\Desktop\HiJackThis.lnk
[2010/09/03 20:09:47 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Big Bill\Desktop\gmer.zip
[2010/09/03 20:08:05 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\Big Bill\defogger_disable.log
[2010/08/31 12:53:14 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2010/08/30 09:53:18 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Big Bill\FixJFI.log
[2010/08/30 09:39:38 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/08/30 09:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/08/30 09:39:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/08/30 09:39:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/08/30 09:39:37 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/08/30 09:39:37 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/08/30 09:39:36 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/08/30 09:39:36 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/08/30 09:39:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/08/30 09:39:33 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/08/30 08:38:38 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Big Bill\Desktop\CCleaner.lnk
[2010/08/29 23:27:50 | 000,832,421 | ---- | C] () -- C:\WINDOWS\_detmp.1
[2010/08/29 23:27:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\_detmp.2
[2010/08/29 20:06:20 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\Big Bill\Desktop\Counter-Strike.url
[2010/08/29 19:29:07 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2010/08/29 16:52:48 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2010/08/29 13:44:48 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/02/22 23:44:33 | 000,000,222 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2010/02/01 01:45:37 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\Big Bill\Application Data\HPCOM_48BitScanUpdate.log
[2010/02/01 01:45:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/01/28 00:20:34 | 000,001,318 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/01/28 00:20:34 | 000,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini
[2010/01/28 00:20:29 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2010/01/28 00:20:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2010/01/28 00:20:29 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2010/01/28 00:20:19 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2010/01/24 08:10:40 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Big Bill\Application Data\msnpromo.txt
[2010/01/19 19:12:23 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2009/12/28 21:04:34 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/12/27 03:30:17 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2009/12/22 22:30:35 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Big Bill\Local Settings\Application Data\fusioncache.dat
[2009/12/22 22:28:16 | 000,000,011 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2006.ini
[2009/12/18 08:51:28 | 000,000,214 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/12/18 08:51:25 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2009/12/15 16:17:33 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/12/15 16:16:05 | 000,000,892 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/10/16 10:00:25 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Big Bill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/20 22:32:13 | 000,000,050 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/11/14 12:30:36 | 000,074,280 | ---- | C] () -- C:\WINDOWS\System32\StmOCX.dll
[2006/10/02 01:42:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2006/04/14 19:30:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006/01/03 23:44:39 | 000,001,223 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2005/11/28 11:13:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2005/11/20 16:14:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/11/20 16:14:33 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2005/11/20 15:50:39 | 000,013,197 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/25 11:11:59 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2005/10/20 17:43:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/20 17:34:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\msxml3a.dll
[2005/10/20 16:22:27 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005/10/20 16:22:24 | 000,005,544 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/10/20 16:22:23 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/08/02 16:35:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/08/02 16:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B623B5B8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
< End of report >


~


OTL Extras logfile created on: 9/13/2010 6:00:34 AM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Big Bill\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.48 Gb Total Space | 88.99 Gb Free Space | 64.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOG
Current User Name: Big Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-861567501-1229272821-682003330-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07982F29-C7D6-423F-A100-C0FC67D0EC2F}" = EarthLink Wireless High Speed
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25F9791C-B446-462D-BDC6-F95BCBB81851}" = EarthLink Spyware Blocker
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37A89DF0-5DD6-48BB-BC34-0CEB2A9E6F63}" = LS_HSI
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{40939C6D-8F27-40B8-9CBC-72701624185D}" = Redistributed Files
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{5034E22F-C283-4A1E-9753-AFB1AC87B298}" = EarthLink Accelerator
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{71A4C7E7-1792-4895-A403-36814B2B4151}" = EarthLink FastLane
"{7217DF28-4855-421F-8FD9-377F50E2B93D}" = Print Workshop 2006
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C6C2BE2-C88D-469F-8649-ACAB2A5518B1}" = Deal Info
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F90DA605-4E92-11D4-A319-00104BCAB4AB}" =
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"AddressBook" =
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Branding" =
"CCleaner" = CCleaner
"Connection Manager" =
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"Fontcore" =
"Hoyle Card Games 3" = Hoyle Card Games 3
"Hoyle Casino '99 Demo" = Hoyle Casino '99 Demo
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Intel® Integrated Performance Primitives 1.1" =
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileOptionPack" =
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MSNMS" =
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OutlookExpress" =
"PaperPort 7.02" = PaperPort 7.02
"PCHealth" =
"QuickTime" = QuickTime
"SchedulingAgent" =
"Sierra Utilities" = Sierra Utilities
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"Who Wants To Be A Millionaire" = Who Wants To Be A Millionaire
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/13/2010 3:32:35 AM | Computer Name = DOG | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7886, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/13/2010 3:32:35 AM | Computer Name = DOG | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ContentFilter
(ContentFilter) failed. The Error code is the first DWORD in Data section.

Error - 9/13/2010 3:32:35 AM | Computer Name = DOG | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7886, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/13/2010 3:32:35 AM | Computer Name = DOG | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ISAPISearch
(ISAPISearch) failed. The Error code is the first DWORD in Data section.

Error - 9/13/2010 5:23:08 AM | Computer Name = DOG | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7886, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/13/2010 5:23:08 AM | Computer Name = DOG | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ContentIndex
(ContentIndex) failed. The Error code is the first DWORD in Data section.

Error - 9/13/2010 5:23:08 AM | Computer Name = DOG | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7886, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/13/2010 5:23:08 AM | Computer Name = DOG | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ContentFilter
(ContentFilter) failed. The Error code is the first DWORD in Data section.

Error - 9/13/2010 5:23:08 AM | Computer Name = DOG | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7886, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/13/2010 5:23:08 AM | Computer Name = DOG | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ISAPISearch
(ISAPISearch) failed. The Error code is the first DWORD in Data section.

[ System Events ]
Error - 9/13/2010 6:27:06 AM | Computer Name = DOG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/13/2010 6:28:25 AM | Computer Name = DOG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 ccHP Cdrom eeCtrl Fips Imapi Processor SRTSP SRTSPX SymDS SymEFA SymIRON SYMTDI

Error - 9/13/2010 6:58:15 AM | Computer Name = DOG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/13/2010 6:59:29 AM | Computer Name = DOG | Source = Print | ID = 23
Description = Printer Lexmark X74-X75,0 failed to initialize because a suitable
Lexmark X74-X75 driver could not be found.

Error - 9/13/2010 6:59:35 AM | Computer Name = DOG | Source = Service Control Manager | ID = 7000
Description = The Kodak DCFS2K Driver service failed to start due to the following
error: %%2

Error - 9/13/2010 6:59:35 AM | Computer Name = DOG | Source = Service Control Manager | ID = 7000
Description = The AEGIS Protocol (IEEE 802.1x) v3.5.3.0 service failed to start
due to the following error: %%2

Error - 9/13/2010 6:59:35 AM | Computer Name = DOG | Source = Service Control Manager | ID = 7000
Description = The WebClient service failed to start due to the following error:
%%1290

Error - 9/13/2010 6:59:35 AM | Computer Name = DOG | Source = Service Control Manager | ID = 7000
Description = The Kodak Camera Connection Software service failed to start due to
the following error: %%2

Error - 9/13/2010 6:59:35 AM | Computer Name = DOG | Source = Service Control Manager | ID = 7000
Description = The Norton AntiVirus service failed to start due to the following
error: %%3

Error - 9/13/2010 6:59:41 AM | Computer Name = DOG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 ccHP eeCtrl Imapi SRTSP SRTSPX SymDS SymEFA SymIRON SYMTDI


< End of report >


#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:21 AM

Posted 13 September 2010 - 08:49 AM

Hi,

I do not see the need of doing a reformat.

Which Anti Virus product do you want to keep or remove? I can see both CA Internet Security Suite and Norton AntiVirus on your log. As well as the installer for AVG.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.



==========================================


Are you aware or did you install Fast Browser Search (My Web Tattoo) by yourself? If not, please go to Control Panel > Add Remove programs and remove it.


==========================================


Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the word "Code".

    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {21608B66-026F-4DCB-9244-0DACA328DCED} - No CLSID value found.
    O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
    O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - No CLSID value found.
    O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
    O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.
    O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D7293762-9884-48E2-B836-E0195B9D91D0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
    O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
    O3 - HKU\S-1-5-21-861567501-1229272821-682003330-1008\..\Toolbar\WebBrowser: (no name) - {D7293762-9884-48E2-B836-E0195B9D91D0} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
    O4 - HKU\.DEFAULT..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
    O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
    O4 - HKU\S-1-5-18..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: isamonitor.exe = C:\Program Files\Key Generator\isamonitor.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: pmsngr.exe = C:\Program Files\Key Generator\pmsngr.exe File not found
    O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - Reg Error: Key error. File not found
    [2010/08/30 15:08:02 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A massage box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 koin

koin
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 13 September 2010 - 09:36 AM

Thanks thats good news on the reformat.

I would like Norton to be my only Anti-Virus.

I have been aware but have no clue as to how the
'Fast Browser Search' ( My web Tattoo ) got on here.
I've tried removing it from the add/remove programs
multiple times and all it does is makes a flash accrossed
screen. ( Sorry I cant describe it any better for ya ).

~

After the reboot, the log successfully came right up.
Along with a System Configuration error, stating...

'An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes. I select OK and another dialog box comes up stating
'You must restart your computer for some of the changes made by System Configuration to take effect.'
( I've noticed this error on the past 5 reboots, not sure if that can help you at all. )

~



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A58686ED-FC46-44C3-95C6-4A812AB776F1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A58686ED-FC46-44C3-95C6-4A812AB776F1}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7293762-9884-48E2-B836-E0195B9D91D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7293762-9884-48E2-B836-E0195B9D91D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1229272821-682003330-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1229272821-682003330-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1229272821-682003330-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1229272821-682003330-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1229272821-682003330-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7293762-9884-48E2-B836-E0195B9D91D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7293762-9884-48E2-B836-E0195B9D91D0}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ALUAlert deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ALUAlert not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\isamonitor.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\pmsngr.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ not found.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4538861 bytes
->FireFox cache emptied: 21588372 bytes

User: Administrator.DOG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4538861 bytes
->FireFox cache emptied: 3468312 bytes

User: All Users

User: Big Bill
->Temp folder emptied: 106454465 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45980887 bytes
->Flash cache emptied: 38385 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4538861 bytes

User: Guest
->Temp folder emptied: 5236896 bytes
->Temporary Internet Files folder emptied: 54582737 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10143227 bytes
->Flash cache emptied: 21116 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1215353 bytes
->FireFox cache emptied: 57476160 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 468936 bytes

User: WiziWYG XP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162462 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 49481134 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 139112 bytes

Total Files Cleaned = 355.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.DOG

User: All Users

User: Big Bill
->Flash cache emptied: 0 bytes

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: WiziWYG XP

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.12.0 log created on 09132010_072229

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:21 AM

Posted 13 September 2010 - 10:01 AM

Thanks for the feedback. Please double check on your Control Panel if there are any other Anti Virus program installed aside from Norton then uninstall them. Your Norton Anti Virus is also damage that's why its not properly working, but we will fix it later.

It's possible that Fast Browser Search' ( My web Tattoo ) was installed when you downloaded or installed some application on Facebook.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.
Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:
  1. Leave your computer alone while ComboFix is running.
  2. ComboFix will restart your computer if malware is found; allow it to do so.
  3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  4. Please do not mouseclick combofix's window while its running because it may call it to stall.
  5. ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.








~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 koin

koin
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 13 September 2010 - 05:33 PM

I've tried drastictly to disable this AntiVirus in my Windows Security Center but havent had no luck so I havent tried ComboFix yet.

I am not too comp savy but Im pretty sure there were no AntiVirus in my control-panel.
Im not sure what to do from here. I searched all over this comp lookin for another AntiVirus
and the closest I could come up with was this Nvidia Firewall.
I've been meaning to ask, my notebook connects through the same modem as the infected
PC. And ive recently noticed it has been acting up aswell.
My point/theory is im curious if the the Infection could slip through my Modem and spread
more rubbish onto the Notebook !?, And i know this sounds rediculous after that theory,
but is it possible for the Norton Anti-Virus on my Notebook to somehow provide protection
for the Infected PC ?, I havent tried to troubleshoot this Idea from my Notebook yet.

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:21 AM

Posted 14 September 2010 - 08:36 AM

Hi,

Yes, some infections can be transferred through network and your Syamntec can't provide the protection for the other PC.

Please run Combofix in safe mode, kindly monitor it while running and when it restarts your PC automatically... make sure to start it again in safe mode to complete the process.
How to boot in safe mode -> http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 koin

koin
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 14 September 2010 - 11:13 AM

i received an error right after I chose to run it.

C|\Documents and settings\Big Bill\Desktop\ComoFix.exe

A device attatched to the system is not functioning.

I retried the exe and received this error.

ComboFix.exe has encountered a problem and needs to close. We are sorry the inconvenience.
It leaves me the options to Send Error Report to Microsoft or not.
I just learned that it created a Technical Information report and im not sure this is important in
helping you help me but I'll have it ready to paste on next post if so.

Edited by koin, 14 September 2010 - 11:24 AM.


#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:21 AM

Posted 14 September 2010 - 11:33 AM

1. Please check volume for errors.
  1. To check the volume for errors:
  2. Click start and then My Computer.
  3. Right click the drive C and select Properties.
  4. Under Tools tab press Check Now...
  5. Put a check mark in both items and press start.
  6. If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.


2. Please download Malwarebytes' Anti-Malware from here:
MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 koin

koin
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 14 September 2010 - 12:58 PM

Error
c:\Program Files\Malwarebytes' Anti-Malware\Languages\swedish.lng

An error occurred while trying to copy a file.
The source file is corrupted.

Click Retry to try again, Ignore to skip this file (not recommended), or Abort to cancel Installation.

I am itching to skip this file but I think I shall wait for a response.


[ does this help at all ?]

Upon every reboot the PC, System Configuration Utility still happens to
pop up stating its in some mode, so I click ok followed by another ok
which brings up this error.

An Access Denied error was returned while attempting to change a service.
You may need to log on using an Administrator account to make the specified changes.
Clicking the ok box brings up a dialog box saying You must reboot for some of the
changes made correctly by System Configuration to take/affect.

I've tried rebooting in safe mode, safe mode with networking and Enable Boot Logging
and all of them get same response.

I Thank you a lot for getting me this far.

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:21 AM

Posted 15 September 2010 - 08:03 AM

Yes it helps a lot, thanks.


Please click Start > Run and copy paste the bolded text below then press Enter.
SFC.EXE /SCANNOW
  • The program may (or it may not) ask you for your Windows XP installation CD, please insert it at the prompt.
  • If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.
Note: In the event the the system asks you for the CD, you must visit Windows Update immediately after the scan is completed (Please note that there won't be any confirmation dialog - the program will just exit without telling you anything).

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 koin

koin
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 15 September 2010 - 09:22 AM

I can't find my Windows XP Home Edition CD for the life of me.
I'm not sure what to say or do at this point, mad.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users