HijackThis v2.0.4


  • This topic is locked
16 replies to this topic

#1 infonut

infonut

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:20 PM

Posted 15 February 2011 - 06:35 PM

Hi,
My situation: A new work computer that came back to me (to replace the old) riddled with spyware. Technically legal (I know), but I'm removing it and if they want to own up to putting it there they can come tell me and I will deal with it. If they are honest with me, I will be honest with them. I suspect they will never say a word b/c they didn't think I'd know. So if I remove it and they say nothing, I'm happier, they are what they are. I have removed much on Avast, Norton 360, Spybot and Malwarebytes. Am just trying to make sure I got it all. I am set up as an administrator b/c I'm remote.

So question 1: If the IT guy who set up Windows 7 (Home Premium, sad to say) also put on spyware, is that less detectable than someone who gets you through the internet? Since he is the administrator after all. I know he could do anything he wants cuz he had the computer, my question is can I still detect it or is it going to be considered legit since the admin put it on?

Question 2: After all spyware removal mentioned above, here is my HT log--which I right clicked to run as an administrator. I'm a paper pusher, not a computer person, so any help appreciated. I put *** around places where I am most concerned.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:14:44 PM, on 2/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\`www (programs)\Everything\Everything.exe
C:\Program Files (x86)\`www (programs)\IObit Security 360\is360.exe
C:\Program Files (x86)\`www (programs)\IObit Security 360\is360tray.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Users\Lisa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\`WWW(P~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files (x86)\`www (programs)\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\TeaTimer.exe

***O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')***

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\`WWW(P~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\`WWW(P~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

***O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: IS360service - IObit - C:\Program Files (x86)\`www (programs)\IObit Security 360\IS360srv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)***

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\SDWinSec.exe

***
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)***


--
End of file - 6882 bytes



#2 infonut

infonut
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:20 PM

Posted 21 February 2011 - 05:50 PM

Hi guys,

Tomorrow makes a week since I first asked. I know you guys are volunteers and VERY busy, but thought I'd check in to see if there is anyone who can help me? Major problem is that I have all my data (including personal data) backed up on a hard drive that I don't want to attach to my machine b/c I don't want the spyware to migrate to my external drive--and I'm not sure that it wouldn't. So I have been doing this piecemeal affair, moving things over piece by piece: I can put data in on a flash drive with a mac that I have, but the mac doesn't have MS Office (or ANY word processing) so I can't just stay on the mac, and I can't use the mac to search the external hard drive b/c they are incompatible (at least that is how I understand it--if someone knows differently I am all ears). So, so. It is a very painful time. I can't find things b/c I can't search, when I do find them I have to move them over one by one, yada, yada.

Anyone want to give this a shot at figuring it out?

Would be MOST appreciated!

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:20 PM

Posted 21 February 2011 - 07:48 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 infonut

infonut
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:20 PM

Posted 22 February 2011 - 01:55 AM

Oh, bless you! Or whatever other expression of gratitude is proper.
I'm all ears (and typing fingers)
Just let me know what I need to do.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:08:20 PM

Posted 22 February 2011 - 04:58 PM

Okay, well the good news is all your asterisked items are legitimate. The bad news is that HijackThis isn't the best scanner to use these days so I need some new logs...

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#6 infonut

infonut
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:20 PM

Posted 23 February 2011 - 01:09 AM

Hi there,
I keep having these busy days, so I end up here at night. I'm hoping I can make it on sooner tomorrow so I don't slow you down. One nice thing for you is that, since the computer has a new hard drive (though I'm thinking it's a used one that may not have been wiped clean), there is nothing on here except spyware removal programs! (and a few small files) That should be less for you to look thru.

Here is the log:

OTL logfile created on: 2/22/2011 10:57:29 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Lisa\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 207.13 Gb Free Space | 88.98% Space Free | Partition Type: NTFS

Computer Name: PC1 | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lisa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\`www (programs)\IObit Security 360\is360tray.exe (IObit)
PRC - C:\Program Files (x86)\`www (programs)\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Lisa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IS360service) -- C:\Program Files (x86)\`www (programs)\IObit Security 360\is360srv.exe (IObit)
SRV - (N360) -- C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110221.019\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110221.019\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110218.003\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx64.sys (Symantec Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 98 FE 8A 77 CC CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2011/02/14 22:32:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2011/02/14 19:57:48 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/15 01:14:32 | 000,429,948 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14798 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\www\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\`www (programs)\IObit Security 360\IS360tray.exe (IObit)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\`www (programs)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/22 22:55:51 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2011/02/21 02:41:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\TurboTax
[2011/02/21 02:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 4.0
[2011/02/21 02:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/02/21 02:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax Home & Business 2006
[2011/02/21 02:40:19 | 001,716,297 | ---- | C] (Intuit Inc.) -- C:\Windows\SysWow64\InetClnt.dll
[2011/02/21 02:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2011/02/21 02:14:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\com.zipeg
[2011/02/21 02:14:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Zipeg
[2011/02/21 02:14:00 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/02/21 02:14:00 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/02/21 02:14:00 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/02/21 02:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/02/21 02:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/02/21 00:18:31 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CrashDumps
[2011/02/21 00:17:00 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Intuit
[2011/02/21 00:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/02/20 22:39:18 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/02/17 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Updates to add
[2011/02/17 21:21:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\10.2 apr-may
[2011/02/16 14:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2011/02/16 14:40:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2011/02/16 14:40:20 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll
[2011/02/16 14:40:17 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll
[2011/02/16 14:40:17 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll
[2011/02/16 14:40:16 | 000,179,200 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09a.dll
[2011/02/16 14:40:16 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2011/02/16 14:40:16 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2011/02/16 14:40:16 | 000,050,176 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09a.dll
[2011/02/16 14:40:16 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2011/02/16 14:40:16 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2011/02/16 14:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2011/02/16 14:40:13 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2011/02/16 14:40:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/02/16 14:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011/02/16 14:37:49 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\InstallShield
[2011/02/16 14:30:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\ElevatedDiagnostics
[2011/02/15 13:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Security 360
[2011/02/15 13:43:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\IObit
[2011/02/15 13:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/02/15 11:32:03 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/02/15 11:25:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/15 11:15:52 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/02/15 11:03:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2011/02/15 10:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/02/15 01:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/14 23:57:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2011/02/14 23:57:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/14 23:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/14 23:57:16 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/14 23:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/02/14 23:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/02/14 23:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\`www (programs)
[2011/02/14 23:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\`www (programs)
[2011/02/14 22:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/02/14 22:37:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\N360_BACKUP
[2011/02/14 22:33:39 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys
[2011/02/14 22:33:39 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys
[2011/02/14 22:33:39 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys
[2011/02/14 22:33:39 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys
[2011/02/14 22:33:39 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys
[2011/02/14 22:33:38 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys
[2011/02/14 22:33:37 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys
[2011/02/14 22:33:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0403000.005
[2011/02/14 19:58:15 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Symantec
[2011/02/14 19:57:12 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/02/14 19:57:12 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/02/14 19:57:12 | 000,034,152 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/02/14 19:57:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/02/14 19:57:10 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/02/14 19:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/02/14 19:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/02/14 19:56:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/02/14 19:56:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/02/14 19:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/02/14 19:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/02/14 19:49:05 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/02/14 19:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/02/14 19:21:50 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Amazon
[2011/02/14 19:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\www
[2011/02/14 19:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/02/14 16:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/02/14 16:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/02/14 16:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/02/14 16:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/02/14 16:27:40 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Adobe
[2011/02/14 16:25:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Macromedia
[2011/02/14 16:25:32 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Adobe
[2011/02/14 16:25:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/02/14 15:10:27 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/02/14 15:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/14 12:34:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/14 12:34:08 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/14 12:34:08 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/14 12:34:08 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/14 12:34:08 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/14 12:34:08 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/14 12:34:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/14 12:34:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/14 12:34:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/14 12:34:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/14 12:34:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/14 12:34:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/14 12:34:04 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/14 12:34:04 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/14 12:34:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/14 12:34:01 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/14 12:34:01 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/14 12:34:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/14 12:34:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/14 12:34:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/14 12:33:57 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/14 12:33:56 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/14 12:33:56 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/14 12:33:56 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/14 12:33:56 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/14 12:33:56 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/14 12:33:55 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/14 12:33:55 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/14 12:33:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/14 12:33:55 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/14 12:33:54 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/14 12:33:54 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/14 12:33:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/14 12:33:54 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/14 12:33:53 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/14 12:33:53 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/14 12:33:53 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/14 12:33:53 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/14 12:33:53 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/14 12:33:53 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/14 12:33:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/14 12:33:53 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/14 12:33:53 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/14 12:33:53 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/14 12:33:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/14 12:33:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/14 12:33:52 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/14 12:33:50 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/14 12:33:15 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/14 12:33:15 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/14 12:33:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/14 12:32:12 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/14 12:32:12 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/14 12:32:12 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/14 12:32:11 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/14 12:31:57 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/14 12:31:57 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/14 12:31:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/14 12:31:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/14 12:31:55 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/02/14 12:31:55 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/02/14 11:45:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Diagnostics
[2011/01/31 08:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\k2logs
[2011/01/31 07:41:26 | 000,544,833 | ---- | C] (Stardock) -- C:\Windows\SysWow64\wbocx.ocx
[2011/01/31 07:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AKLogData64
[2011/01/31 07:17:18 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/01/31 07:17:18 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2011/01/31 07:17:18 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\SysWow64\wbhelp2.dll
[2011/01/31 07:17:18 | 000,028,160 | ---- | C] (Neil Banfield) -- C:\Windows\SysWow64\anim.dll
[2011/01/31 06:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/01/31 06:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H
[2011/01/31 06:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2011/01/31 06:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/01/31 06:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/01/31 06:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/01/31 06:08:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/01/31 06:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/01/31 06:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/01/31 06:07:15 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/01/31 05:58:58 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/01/31 05:52:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/01/31 05:50:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/01/31 05:49:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/31 05:48:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/22 23:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/02/22 22:55:52 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2011/02/22 22:55:01 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/22 22:55:01 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/22 22:52:06 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/22 22:52:06 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/22 22:52:06 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/22 22:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/22 22:47:35 | 3018,186,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/22 00:43:56 | 001,235,822 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
[2011/02/21 03:07:57 | 000,000,884 | ---- | M] () -- C:\Users\Lisa\Desktop\My Docs.lnk
[2011/02/21 02:40:47 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax Home & Business 2006.lnk
[2011/02/21 02:40:07 | 000,072,935 | ---- | M] () -- C:\Windows\Instlog.lyt
[2011/02/21 02:39:33 | 000,000,562 | ---- | M] () -- C:\Windows\Instcomp.lyt
[2011/02/21 02:14:09 | 000,002,002 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Zipeg.lnk
[2011/02/16 14:41:37 | 000,000,240 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011/02/16 14:41:37 | 000,000,086 | ---- | M] () -- C:\Windows\brpcfx.ini
[2011/02/16 14:40:59 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2011/02/16 14:40:59 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd7420.dat
[2011/02/16 14:40:56 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/02/16 14:40:55 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7420.DAT
[2011/02/15 16:35:24 | 000,030,720 | ---- | M] () -- C:\Users\Lisa\Desktop\hijackthis.doc
[2011/02/15 11:25:30 | 380,987,637 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/15 10:51:26 | 000,001,137 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/15 01:14:32 | 000,429,948 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/02/14 20:11:05 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/02/14 19:57:04 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/02/14 19:57:04 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/02/14 19:57:04 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/02/14 19:55:27 | 000,000,476 | ---- | M] () -- C:\Users\Lisa\Desktop\Local Disk (C) - Shortcut.lnk
[2011/02/14 15:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/02/14 13:19:41 | 000,416,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/09 09:18:00 | 000,001,441 | ---- | M] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/31 07:59:30 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\4E37A837910D.ini
[2011/01/31 07:35:46 | 000,000,046 | ---- | M] () -- C:\Windows\SysNative\4E37A837910D.ini
[2011/01/31 06:24:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/01/31 05:53:16 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/01/31 05:53:16 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/01/31 05:51:43 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/01/25 23:53:10 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/25 23:31:20 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/21 03:07:57 | 000,000,884 | ---- | C] () -- C:\Users\Lisa\Desktop\My Docs.lnk
[2011/02/21 02:40:46 | 000,002,376 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax Home & Business 2006.lnk
[2011/02/21 02:39:33 | 000,000,562 | ---- | C] () -- C:\Windows\Instcomp.lyt
[2011/02/21 02:38:09 | 000,072,935 | ---- | C] () -- C:\Windows\Instlog.lyt
[2011/02/21 02:14:09 | 000,002,002 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Zipeg.lnk
[2011/02/21 02:14:09 | 000,002,002 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zipeg.lnk
[2011/02/16 14:41:37 | 000,000,240 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/02/16 14:41:37 | 000,000,086 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/02/16 14:40:59 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd7420.dat
[2011/02/16 14:40:56 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/16 14:40:55 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7420.DAT
[2011/02/16 14:40:17 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/02/16 14:40:17 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/02/16 14:40:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/02/15 14:58:42 | 000,030,720 | ---- | C] () -- C:\Users\Lisa\Desktop\hijackthis.doc
[2011/02/15 11:19:51 | 380,987,637 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/15 10:51:26 | 000,001,137 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/14 22:34:46 | 001,235,822 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
[2011/02/14 22:33:39 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.cat
[2011/02/14 22:33:39 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnetv64.cat
[2011/02/14 22:33:39 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.cat
[2011/02/14 22:33:39 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.cat
[2011/02/14 22:33:39 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnet64.cat
[2011/02/14 22:33:39 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa.inf
[2011/02/14 22:33:39 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds.inf
[2011/02/14 22:33:39 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnetv.inf
[2011/02/14 22:33:39 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnet.inf
[2011/02/14 22:33:39 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.inf
[2011/02/14 22:33:38 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.cat
[2011/02/14 22:33:38 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.inf
[2011/02/14 22:33:38 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\iron.inf
[2011/02/14 22:33:37 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\iron.cat
[2011/02/14 22:33:37 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.cat
[2011/02/14 22:33:37 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.inf
[2011/02/14 22:33:05 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\isolate.ini
[2011/02/14 19:57:10 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/02/14 19:57:10 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/02/14 19:55:27 | 000,000,476 | ---- | C] () -- C:\Users\Lisa\Desktop\Local Disk (C) - Shortcut.lnk
[2011/02/14 16:32:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/14 15:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/02/09 09:18:00 | 000,001,441 | ---- | C] () -- C:\Users\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/31 07:42:26 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\4E37A837910D.ini
[2011/01/31 07:17:24 | 000,000,046 | ---- | C] () -- C:\Windows\SysNative\4E37A837910D.ini
[2011/01/31 06:24:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/01/31 06:12:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/31 05:52:52 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/01/31 05:52:47 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/01/31 05:51:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/31 05:49:15 | 3018,186,752 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/02/14 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Amazon
[2011/02/15 13:43:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IObit
[2011/02/22 23:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009/07/13 22:08:49 | 000,006,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#7 infonut

Posted 23 February 2011 - 01:13 AM

Here is the Extras file:

OTL Extras logfile created on: 2/22/2011 10:57:29 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Lisa\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 207.13 Gb Free Space | 88.98% Space Free | Partition Type: NTFS

Computer Name: PC1 | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7420
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EA8094D3-180E-4A56-805E-D937EE18A779}" = TurboTax 2005 - MSXML 3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Everything" = Everything 1.2.1.371
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"N360" = Norton 360
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Zipeg" = Zipeg

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2011 3:29:38 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0xdb4 Faulting application start time: 0x01cbd19918632b6a Faulting application
path: C:\Program Files (x86)\TurboTax Home & Business 2006\TurboTax Home & Business
2006\DlInst\Setup.exe Faulting module path: C:\Program Files (x86)\TurboTax Home
& Business 2006\TurboTax Home & Business 2006\DlInst\Setup.exe Report Id: 563cf077-3d8c-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 3:29:59 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0x11b8 Faulting application start time: 0x01cbd19924f7d301 Faulting application
path: C:\Program Files (x86)\TurboTax Home & Business 2006\TurboTax Home & Business
2006\DlInst\Setup.exe Faulting module path: C:\Program Files (x86)\TurboTax Home
& Business 2006\TurboTax Home & Business 2006\DlInst\Setup.exe Report Id: 62fa0f78-3d8c-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 4:12:29 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0x130c Faulting application start time: 0x01cbd19f13fea9df Faulting application
path: C:\Program Files (x86)\TurboTax Home & Business 2006\TurboTax Home & Business
2006\DlInst\Setup.exe Faulting module path: C:\Program Files (x86)\TurboTax Home
& Business 2006\TurboTax Home & Business 2006\DlInst\Setup.exe Report Id: 52e3092f-3d92-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 4:38:53 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0xda8 Faulting application start time: 0x01cbd1a2c5194905 Faulting application
path: C:\Program Files (x86)\TurboTax Home & Business 2006\TurboTax Home & Business
2006\DlInst\Setup.exe Faulting module path: C:\Program Files (x86)\TurboTax Home
& Business 2006\TurboTax Home & Business 2006\DlInst\Setup.exe Report Id: 03087a77-3d96-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 5:19:49 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0x8bc Faulting application start time: 0x01cbd1a87ce70bee Faulting application
path: C:\Users\Lisa\AppData\Local\Zipeg\Cache\1BB4118DB7B1.1054\1BB411BA0EDF.1054\Turbo
Tax 2006 Home & Business\DlInst\Setup.exe Faulting module path: C:\Users\Lisa\AppData\Local\Zipeg\Cache\1BB4118DB7B1.1054\1BB411BA0EDF.1054\Turbo
Tax 2006 Home & Business\DlInst\Setup.exe Report Id: baeba9c5-3d9b-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 5:21:27 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0xe5c Faulting application start time: 0x01cbd1a8b789b9a8 Faulting application
path: C:\Users\Lisa\AppData\Local\Zipeg\Cache\1BB4118DB7B1.1054\1BB411BA0EDF.1054\Turbo
Tax 2006 Home & Business\DlInst\Setup.exe Faulting module path: C:\Users\Lisa\AppData\Local\Zipeg\Cache\1BB4118DB7B1.1054\1BB411BA0EDF.1054\Turbo
Tax 2006 Home & Business\DlInst\Setup.exe Report Id: f559f931-3d9b-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 5:23:11 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0x100c Faulting application start time: 0x01cbd1a8f56d8976 Faulting application
path: C:\Program Files (x86)\`www (programs)\TurboTax Home & Business 2006\Turbo
Tax 2006 Home & Business\DlInst\Setup.exe Faulting module path: C:\Program Files
(x86)\`www (programs)\TurboTax Home & Business 2006\Turbo Tax 2006 Home & Business\DlInst\Setup.exe
Report
Id: 33533566-3d9c-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 5:26:25 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0xa6c Faulting application start time: 0x01cbd1a9687538f8 Faulting application
path: C:\Program Files (x86)\`www (programs)\TurboTax Home & Business 2006\Turbo
Tax 2006 Home & Business\DlInst\Setup.exe Faulting module path: C:\Program Files
(x86)\`www (programs)\TurboTax Home & Business 2006\Turbo Tax 2006 Home & Business\DlInst\Setup.exe
Report
Id: a6f0dbae-3d9c-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 5:27:28 AM | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application name: Setup.exe_InstallShield, version: 12.0.0.49974,
time stamp: 0x4474907b Faulting module name: Setup.exe, version: 12.0.0.49974, time
stamp: 0x4474907b Exception code: 0xc0000005 Fault offset: 0x0001e48b Faulting process
id: 0xd8c Faulting application start time: 0x01cbd1a98ea0af18 Faulting application
path: C:\Program Files (x86)\`www (programs)\TurboTax Home & Business 2006\Turbo
Tax 2006 Home & Business\DlInst\Setup.exe Faulting module path: C:\Program Files
(x86)\`www (programs)\TurboTax Home & Business 2006\Turbo Tax 2006 Home & Business\DlInst\Setup.exe
Report
Id: cc9e28cd-3d9c-11e0-8c1d-00235a45ef9f

Error - 2/21/2011 6:54:25 AM | Computer Name = PC1 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\`www
(programs)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy
file "c:\program files (x86)\`www (programs)\spybot - search & destroy\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

[ System Events ]
Error - 2/20/2011 8:49:44 PM | Computer Name = PC1 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/20/2011 8:52:48 PM | Computer Name = PC1 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:51:41 PM on ?2/?20/?2011 was unexpected.

Error - 2/20/2011 8:52:47 PM | Computer Name = PC1 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/20/2011 8:52:47 PM | Computer Name = PC1 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/21/2011 1:38:05 AM | Computer Name = PC1 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/21/2011 6:37:41 PM | Computer Name = PC1 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/22/2011 2:50:48 AM | Computer Name = PC1 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/23/2011 1:39:08 AM | Computer Name = PC1 | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/23/2011 1:47:41 AM | Computer Name = PC1 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/23/2011 1:47:41 AM | Computer Name = PC1 | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

#8 infonut

Posted 23 February 2011 - 10:03 AM

Well, well. It sounds like I have truly good news--the GMER scan said

"GMER hasn't found any system modification."

So it's either truly stealth because it was put on by the IT admin guy or I got rid of the spyware when I ran all my initial removal programs (there were a lot!). Or...?

Thanks again for taking the time for this.

#9 m0le

Posted 23 February 2011 - 05:28 PM

Actually I think most of it has gone. There are two things to deal with, so we need OTL again.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:files
C:\Windows\tasks\At*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#10 infonut

Posted 23 February 2011 - 07:53 PM

Well all I can say is that I'm thankful people like you exist. All my malware removal programs (and I've run about 4-5 diff programs) say the computer is clean. Thank you for giving it the extra scrubbing to actually make it so!

The scan was fast.

Here is the log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.21.0 log created on 02232011_174618

#11 m0le

Posted 23 February 2011 - 08:42 PM

You're welcome. I don't know what you've run, but I am going to ask for an ESET scan as a final checker.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#12 infonut

Posted 24 February 2011 - 01:57 PM

Well Yippee! It said no threats found. So I assume there was no log to copy (and hence I didn't look for one). Also, many thanks in that I see ESET says "'Potentially unsafe applications' is the classification used for commercial, legitimate software. This classification includes programs such as remote access tools, password-cracking applications, and keyloggers (a program recording each keystroke a user types)." That was something I was quite concerned about, so thanks for recommending a program that covers that. I'm glad to know such a program exists.

Since it seems like we are coming to a finale, I wanted to ask 4 q's before you close the case: 1) My computer has a case of jumping cursor--which from all I've read is most likely hardware/win 7 settings related. Whatever the case, if it was viral, I can assume it would have been picked up in all of this. Yes? 2) Is it ok to ask what antivirus you (or bleeping computer) recommend? It's obvious you would know what works best. 3) Along those lines, are the free ones such as AVG, Avast or Antivir sufficient? Before this incident I used AVG and never had a problem I knew about -- I'm pretty careful. If you're not supposed to answer these types of questions, no prob. Last question, I'm more than happy to donate (I can't tell you how happy/relieved/appreciative I am that there are people who help those such as myself), but have no idea how much. Is there a suggested donation?

Thanks so much again. Let me know if there is more to do!

#13 m0le

Posted 24 February 2011 - 07:07 PM

1) My computer has a case of jumping cursor--which from all I've read is most likely hardware/win 7 settings related. Whatever the case, if it was viral, I can assume it would have been picked up in all of this. Yes? 2) Is it ok to ask what antivirus you (or bleeping computer) recommend? It's obvious you would know what works best. 3) Along those lines, are the free ones such as AVG, Avast or Antivir sufficient? Before this incident I used AVG and never had a problem I knew about -- I'm pretty careful. If you're not supposed to answer these types of questions, no prob. Last question, I'm more than happy to donate (I can't tell you how happy/relieved/appreciative I am that there are people who help those such as myself), but have no idea how much. Is there a suggested donation?


Okay, here we go.... :)

1) Jumping cursors. I have never seen this caused by malware. It's usually the hardware/drivers that cause this, as you rightly say.
2) You can certainly ask and my recommendations are below in the final instructions.
3) Free AVs are legitimate and getting better and better. I use Avast free and although it doesn't have all the bells and whistles that the paid version does it is updated and is an efficient tool. They often get support dropped from them after a time but there are always choices available.
4) Donate whatever you wish. We do this voluntarily so any donation is a very nice gesture. PM me if you would like clarification on any of these points.

Let's clear up, and then once that's done there's some reading to be done.

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it infonut, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#14 infonut

  • Topic Starter


Posted 25 February 2011 - 12:27 AM

Wow. Can't even begin to tell you how happy I am. SUCH a relief! I just feel so much better knowing that someone who really does know says it's ok. What a world we live in--much beyond the scope of my own knowledge. Thanks so much for your help!

And thanks also for the answers and the very thorough advice. Much appreciated and very helpful.

I wish you much success in virus busting. A thousand thanks for your generosity and time. It's my plan to not have need to use your services again! : )

Best!

#15 m0le

  • Malware Response Team

Posted 25 February 2011 - 04:48 PM

I hope never to have to help you again :P

Thanks infonut
m0le is a proud member of UNITE



