Google Redirect Virus


This topic is locked
41 replies to this topic

#1 Downfall

Downfall

  • Members
  • 23 posts
  • OFFLINE

Posted 27 April 2011 - 11:57 PM

Well, I'm unsure how I got this virus, but alas I have it. I did some research on it and tried the methods suggested, but to no avail. I also ran Malwarebytes and Spybot scans, but nothing was detected. I'm running Windows XP; can I get some help with this, as it is quite annoying? :>

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Every time I run the "DDS" scan it gets about 3/4 of the way through and then freezes up, and so does everything else on my computer, requiring a system reboot to go back to normal. I've tried it 5+ times now with the same result every time.

I've hopefully attached my GMER logs to this post and so perhaps this will shed some light on the issue.

EDIT: Please be patient. There are over 440 unanswered topics in this forum at present and the current average wait time to receive help is 10 days. ~Budapest

Attached Files

  • Attached File: ark.txt (13.72KB, 7 downloads)

Edited by Budapest, 30 April 2011 - 01:10 AM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada

Posted 30 April 2011 - 07:47 AM

Hi

Please do the following:

  • Download OTL and save it to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Under the Custom Scans and Fixes section, paste in the text below:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button.
  • Do not change any other settings. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Downfall

Downfall
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE

Posted 01 May 2011 - 11:53 AM

OTL Extras logfile created on: 5/1/2011 11:18:49 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jack\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 88.47 Gb Free Space | 59.36% Space Free | Partition Type: NTFS

Computer Name: KIDS | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58398:TCP" = 58398:TCP:*:Enabled:Pando Media Booster
"58398:UDP" = 58398:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"16000:UDP" = 16000:UDP:*:Enabled:AOEOEOEOEEOE
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"58398:TCP" = 58398:TCP:*:Enabled:Pando Media Booster
"58398:UDP" = 58398:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 7 for Students -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 7 for Students Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Deusty\Mojo\Mojo.exe" = C:\Program Files\Deusty\Mojo\Mojo.exe:*:Enabled:Mojo -- (Deusty)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE" = C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Jack\My Documents\AGEOFEMPIRE\Age of Empires II\age2_x1\age2_x1.exe" = C:\Documents and Settings\Jack\My Documents\AGEOFEMPIRE\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Documents and Settings\Jack\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Jack\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Jack\My Documents\2spec\CyberGate v1.07.5.exe" = C:\Documents and Settings\Jack\My Documents\2spec\CyberGate v1.07.5.exe:*:Enabled:CyberGate v1.07.5
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\mIRC12\mirc.exe" = C:\Program Files\mIRC12\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\SG Interactive\Project Blackout\PBlackout.exe" = C:\SG Interactive\Project Blackout\PBlackout.exe:*:Enabled:PBlackout -- (Zepetto)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0209FBA3-1F49-ACE0-250E-E79C3C6EB510}" = CCC Help Hungarian
"{02411C9A-9560-0242-655E-4061417E0711}" = Catalyst Control Center Localization Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06C9F310-F4BA-96BE-8099-F9DBF5869257}" = Catalyst Control Center Localization Thai
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1C672C1B-8AEA-3AAF-FF94-6AD1A5545E26}" = Catalyst Control Center Localization Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2483FB3D-A070-F56D-F5D7-B2BCB62F6FEA}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{26BB036D-3064-4A76-9864-50CA1088E0D0}" = Barbie™ Team Gymnastics™
"{28C28E28-F303-8F06-E419-09A28F43CC5A}" = CCC Help English
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2B6FC514-C166-4AB3-1912-25A52131EABF}" = ccc-core-preinstall
"{2C5D0485-AD0F-50C2-E1C8-C6C2F8D644BC}" = Catalyst Control Center Localization Portuguese
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{334B7120-D50C-304B-5A3D-FD25FB77988F}" = ccc-core-static
"{34CFC77C-2584-409A-95D9-EC951251C098}" = Lemony Snicket's A Series of Unfortunate Events
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FED898-68B7-4A00-824F-EB2136E17D6A}" = Barbie® idesign™ Ultimate Stylist™
"{39FAC751-0DD0-CBA2-B02A-7516534EE33A}" = CCC Help Russian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45FB4D0C-DBF0-2775-4ED8-905488CB81EC}" = Catalyst Control Center Localization Russian
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{51CEA3A7-226C-C857-8D50-6CB89832E61D}" = CCC Help Spanish
"{52900AE3-4DF3-05D2-C613-8CF4535701E8}" = Catalyst Control Center Localization Polish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57D16F5A-212D-4DF7-A563-33272226BFD5}" = Catalyst Control Center Localization Swedish
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5B8E3797-2EF7-0F50-26B1-22456155E5B5}" = Catalyst Control Center Localization French
"{5E8F0E75-8E53-C5A2-F24F-FBEF170D6D5F}" = CCC Help Finnish
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68D292AC-5042-FD76-880C-142057D9A9B2}" = Catalyst Control Center Localization Danish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750B354A-BF46-45E0-86D6-620026703B92}" = Nancy Drew: The Haunted Carousel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7724AA87-C624-099A-EB15-FF1482F82F5F}" = Catalyst Control Center Localization Italian
"{7816E933-8645-E1BB-DE2F-5F50C8534149}" = CCC Help Dutch
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7D67C94D-9A82-C553-A146-791C0167D70C}" = Catalyst Control Center Graphics Full New
"{8041EFEE-EE85-1997-4BE5-1A3A1666C698}" = Catalyst Control Center Localization German
"{808550BA-808E-19DF-7B53-C4DA691653E8}" = Catalyst Control Center Localization Turkish
"{8220989C-EE3F-436A-8009-5380A72A0727}" = Mojo
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{874F7348-BD66-D7BD-1D9F-28F73286E6B5}" = CCC Help Portuguese
"{87DD9210-8321-098F-176D-8EB20FC7ECB6}" = Catalyst Control Center Localization Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8CDAE61E-F8D8-AFCC-91A8-EDEAF71A3D69}" = Catalyst Control Center Localization Spanish
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F41F431-071E-5B44-2EEE-5C51173D6498}" = MozyHome
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90721085-4029-A28A-47B9-FAB2A5830C21}" = ccc-utility
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9EFE5658-2CB9-2EF5-85C1-168003E45762}" = Catalyst Control Center Localization Czech
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A54C61F7-7DE2-3065-F96F-274B11E2F8C2}" = Catalyst Control Center Core Implementation
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A80AFF09-2441-48C2-20F4-1D12687B17FA}" = CCC Help Turkish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA876B6-E9C9-AE87-77AC-7CD8BD23FC57}" = CCC Help Swedish
"{B0B3AA79-C52D-1074-AC6C-E1F0893D0100}" = CCC Help Polish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3B919CB-903A-226C-51D6-0674A56ABE9D}" = CCC Help Thai
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BD8DF0FD-DB6B-D5C4-5AD4-9C234D6BC118}" = CCC Help Chinese Traditional
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E3C7AF-D1ED-3C27-A45D-5CC68A3BDC1B}" = CCC Help Czech
"{C3398128-A88F-93E3-CF01-D41DFEA34EA1}" = Catalyst Control Center Localization Hungarian
"{C3D2330F-7339-C514-1480-6408372B55B7}" = Catalyst Control Center Graphics Light
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4AE3B52-B9DD-70B5-E674-877F29D3E29A}" = CCC Help Danish
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C9831278-9890-3C7E-D097-59C901781901}" = CCC Help French
"{C9B1B540-F963-71EC-A884-E7FB40B3B721}" = Catalyst Control Center Graphics Full Existing
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4FD011-AF9C-2F3A-6B6F-09BB8E46AD0F}" = Catalyst Control Center Localization Chinese Standard
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEDE2F9-94D1-9DCB-BDFB-4050A2A7B282}" = Catalyst Control Center Localization Norwegian
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DD019866-6888-8B05-C84D-0E975B3AB102}" = CCC Help Italian
"{E32B68E0-08C9-0121-5E64-6EF484A0254E}" = CCC Help Norwegian
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5CD5F1B-C229-6AA1-3F69-26E39B652C79}" = Catalyst Control Center Localization Korean
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6380875-C349-4CAD-B331-FF22632D44D4}" = Big Green Help
"{E96EA72C-72EB-5293-CF16-A113A8AC13F1}" = CCC Help Greek
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F68999-4224-E935-863E-82DB89CB77AB}" = CCC Help Chinese Standard
"{F1272790-9E19-EA34-C95C-68695D79D695}" = CCC Help Korean
"{F678B194-8669-776E-E7FC-DC795804F9B0}" = Catalyst Control Center Localization Chinese Traditional
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB724C38-05A0-A673-18EE-197472FC270E}" = Skins
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"{FC8E9522-2C8D-828A-7C9C-009D1E1E87ED}" = CCC Help German
"{FCA03417-6457-B437-37D8-1FA1AFDAE17F}" = CCC Help Japanese
"{FCA37CD2-7BA4-4A5A-8979-B64EA712F4CB}" = TortoiseSVN 1.6.2.16344 (32 bit)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Barbie Magic Hair Styler" = Barbie Magic Hair Styler
"Barbie® Pet Rescue" = Barbie® Pet Rescue
"Barbie™ as Rapunzel" = Barbie™ as Rapunzel
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Detective Barbie® 2 The Vacation Mystery™" = Detective Barbie® 2 The Vacation Mystery™
"DriverNavigator_is1" = DriverNavigator 1.5.3
"EA Download Manager" = EA Download Manager
"Gotta Groove™ CD-ROM" = Gotta Groove™ CD-ROM
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{34CFC77C-2584-409A-95D9-EC951251C098}" = Lemony Snicket's A Series of Unfortunate Events
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"LimeWire" = LimeWire 5.0.11
"M&Ms The Lost Formulas" = M&Ms The Lost Formulas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.5.74 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Metasploit Framework" = Metasploit Framework 3.4.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"M-WIN-G 7.0.1 1213989_is1" = Wolfram Mathematica 7 for Students (M-WIN-G 7.0.1 1213989)
"My Little Pony" = My Little Pony
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nmap" = Nmap 5.30BETA1
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NoIPDUC" = No-IP DUC
"NVIDIA Display Driver" = NVIDIA Display Driver
"Project Blackout" = Project Blackout
"PROSet" = Intel® PRO Ethernet Adapter and Software
"proXPN" = proXPN 2.4.6
"ShortKeys Lite" = ShortKeys Lite
"Smart GIF Creator_is1" = Smart GIF Creator
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"STANDARD" = Microsoft Office Standard 2007
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Time to Play Pet Shop" = Time to Play Pet Shop
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"wardrobe" = IBM & Crayola Magic Wardrobe
"Where in the World Is Carmen Sandiego? Treasures of Knowledge" = Where in the World Is Carmen Sandiego? Treasures of Knowledge
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zoo Tycoon 2" = Zoo Tycoon 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2011 12:23:06 AM | Computer Name = KIDS | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application excel.exe, version 12.0.6550.5004, stamp 4d2cee93,
faulting module cleanhdd.dll, version 6.1.7601.16300, stamp 4daf611f, debug? 0,
fault address 0x00006bec.

Error - 4/24/2011 1:09:56 AM | Computer Name = KIDS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 9:25:40 PM | Computer Name = KIDS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 9:29:31 PM | Computer Name = KIDS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 10:38:34 PM | Computer Name = KIDS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 10:38:34 PM | Computer Name = KIDS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 11:24:57 PM | Computer Name = KIDS | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 4/27/2011 11:24:58 PM | Computer Name = KIDS | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 4/27/2011 11:24:58 PM | Computer Name = KIDS | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 4/27/2011 11:24:58 PM | Computer Name = KIDS | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application
Details: The content index cannot be read. (0xc0041800)

[ System Events ]
Error - 4/28/2011 3:07:29 PM | Computer Name = KIDS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/28/2011 3:07:29 PM | Computer Name = KIDS | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 4/28/2011 3:09:14 PM | Computer Name = KIDS | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 4/28/2011 9:37:10 PM | Computer Name = KIDS | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 4/28/2011 9:47:42 PM | Computer Name = KIDS | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 4/29/2011 9:55:08 AM | Computer Name = KIDS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/29/2011 9:55:08 AM | Computer Name = KIDS | Source = VolSnap | ID = 393230
Description = The shadow copy of volume C: was aborted because of an IO failure.

Error - 4/30/2011 2:51:57 PM | Computer Name = KIDS | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 4/30/2011 3:56:56 PM | Computer Name = KIDS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 4/30/2011 3:56:56 PM | Computer Name = KIDS | Source = VolSnap | ID = 393230
Description = The shadow copy of volume C: was aborted because of an IO failure.


< End of report >


OTL logfile created on: 5/1/2011 11:18:49 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jack\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 88.47 Gb Free Space | 59.36% Space Free | Partition Type: NTFS

Computer Name: KIDS | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 10:44:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack\My Documents\Downloads\OTL.exe
PRC - [2011/04/30 13:48:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/27 09:23:11 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/02/08 13:24:02 | 003,600,184 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/08/21 14:04:43 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/05/09 13:09:24 | 000,606,720 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/11/20 15:19:02 | 002,747,392 | ---- | M] (Insight Software Solutions) -- C:\Program Files\ShortKeys2\shklite.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 10:44:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/11/20 11:42:32 | 000,051,200 | ---- | M] (Insight Software Solutions) -- C:\Program Files\ShortKeys2\shkhook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 09:23:25 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/04/27 09:23:11 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/08/21 14:04:43 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/03/29 14:51:40 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2010/11/09 08:08:04 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/08/21 14:04:43 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/05/13 17:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/03/29 14:51:40 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/03/25 05:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/11/24 09:54:12 | 000,495,104 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008/08/21 03:52:42 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2006/03/01 02:39:10 | 003,959,360 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2001/08/17 08:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=19-05-2010&tb_mrud=19-05-2010"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=19-05-2010&tb_mrud=19-05-2010&query="
FF - prefs.js..network.proxy.http: "proxy.changeipaddress.org"
FF - prefs.js..network.proxy.http_port: 8321
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 13:48:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:48:46 | 000,000,000 | ---D | M]

[2008/09/19 17:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Extensions
[2011/04/30 21:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\swognfvi.default\extensions
[2009/06/24 13:34:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\swognfvi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/04 18:56:11 | 000,000,000 | ---D | M] (Patriotfox) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\swognfvi.default\extensions\{628ad4a0-a4d0-11db-b37a-0800200c9a66}
[2010/05/18 07:36:27 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\swognfvi.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/06/08 13:29:32 | 000,000,000 | ---D | M] (GameBox) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\swognfvi.default\extensions\gamebox@toolbar
[2011/02/11 19:03:17 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\swognfvi.default\extensions\toolbar@ask.com
[2009/08/03 06:49:13 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\swognfvi.default\searchplugins\aim-search.xml
[2010/05/18 20:01:33 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\swognfvi.default\searchplugins\aol-search.xml
[2011/04/30 21:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/21 13:52:13 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/06/20 12:12:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/04/20 17:41:27 | 000,000,890 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.107.64.190 www.google.com
O1 - Hosts: 209.172.56.115 search.yahoo.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ShortKeys Lite.lnk = C:\Program Files\ShortKeys2\shklite.exe (Insight Software Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 351
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {11AB8A3E-E187-49EE-800A-A9FFE82CFFAB} https://nexweb23.nexsure.com/OI/AutoWebUpdate/WebUpdate.ocx (WebUpdate Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178673035810 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270335476875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/18 15:26:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/25 19:43:36 | 000,000,037 | ---- | M] () - C:\autosmart.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 14:46:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jack\Recent
[2011/04/27 23:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/27 00:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\My Documents\RSBot
[2011/04/19 00:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\.TRPKCachev3
[2011/04/15 21:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\My Documents\exoleaks
[2011/04/11 19:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\My Documents\accounts
[2011/04/08 21:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\Application Data\PBlackout
[2011/04/08 21:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\Start Menu\Programs\Project Blackout
[2011/04/08 21:28:35 | 000,000,000 | ---D | C] -- C:\SG Interactive
[2011/04/08 21:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack\Local Settings\Application Data\PMB Files
[2011/04/08 21:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/04/08 21:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\Documents and Settings\Jack\My Documents\*.tmp files -> C:\Documents and Settings\Jack\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Jack\Desktop\*.tmp files -> C:\Documents and Settings\Jack\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 11:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/01 10:58:39 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Jack\jagex_runescape_preferences.dat
[2011/05/01 10:58:23 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Jack\jagex_runescape_preferences2.dat
[2011/04/30 14:57:04 | 000,006,066 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/04/30 14:57:03 | 000,006,088 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/04/30 14:45:55 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 14:45:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/30 14:45:08 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/04/30 14:45:06 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 13:25:03 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\dds.scr
[2011/04/27 23:08:33 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\Spybot - Search & Destroy.lnk
[2011/04/27 21:23:39 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/27 09:23:11 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/04/27 09:23:11 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/04/27 00:17:47 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Jack\Application Data\RSBot_Accounts.ini
[2011/04/26 12:01:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/26 00:47:25 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 19:10:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/24 02:31:05 | 000,652,434 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\steve123.bmp
[2011/04/24 02:29:56 | 001,234,662 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\steveddos12.bmp
[2011/04/20 17:41:27 | 000,000,890 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/19 07:27:53 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job
[2011/04/15 03:48:07 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 03:27:49 | 000,651,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 03:27:49 | 000,126,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/08 21:32:54 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\Project Blackout.lnk
[2011/04/08 21:27:17 | 459,305,199 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\ProjectBlackout_Install_X_R.exe
[2011/04/04 11:56:21 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/04/04 11:56:21 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/04/04 00:48:49 | 000,006,207 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\chem3.2.nb
[2011/04/02 00:32:52 | 000,008,416 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\chem3.1.nb
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\Documents and Settings\Jack\My Documents\*.tmp files -> C:\Documents and Settings\Jack\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Jack\Desktop\*.tmp files -> C:\Documents and Settings\Jack\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 21:07:35 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\gmer.exe
[2011/04/28 13:25:05 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\dds.scr
[2011/04/27 23:08:33 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\Spybot - Search & Destroy.lnk
[2011/04/24 02:31:05 | 000,652,434 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\steve123.bmp
[2011/04/24 02:29:56 | 001,234,662 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\steveddos12.bmp
[2011/04/08 21:32:54 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\Project Blackout.lnk
[2011/04/08 21:18:58 | 459,305,199 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\ProjectBlackout_Install_X_R.exe
[2011/04/04 00:48:49 | 000,006,207 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\chem3.2.nb
[2011/04/02 00:32:51 | 000,008,416 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\chem3.1.nb
[2010/10/19 22:00:32 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\Jack\Application Data\RSBot_Accounts.ini
[2010/09/22 21:11:32 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\Jack\Application Data\RSBot Accounts.ini
[2010/08/21 13:51:55 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/08/21 13:51:55 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/06/12 09:23:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/12 09:23:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/12 09:23:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/12 09:23:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/29 14:51:40 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/06 21:13:31 | 000,050,300 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/02 10:16:33 | 027,752,736 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/02 10:15:33 | 000,533,024 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/16 09:15:58 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/07 16:40:12 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/03 16:32:43 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/08/05 20:14:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008/07/21 15:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/17 06:53:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/01/06 11:36:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/12/24 21:48:07 | 000,000,217 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/22 12:41:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/20 20:03:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2007/11/20 20:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/10/09 19:57:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2007/10/07 16:55:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Barbie Magic Hair Styler.INI
[2007/10/07 16:18:00 | 000,000,407 | ---- | C] () -- C:\WINDOWS\HairStyl.ini
[2007/10/07 15:46:38 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/07 15:46:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/09/29 02:36:06 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/09/29 02:36:06 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/19 18:45:05 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/07/01 17:55:53 | 000,000,196 | ---- | C] () -- C:\WINDOWS\MAGIWARD.INI
[2007/05/26 08:20:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\POTATO.INI
[2007/05/26 07:48:24 | 000,000,103 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/05/07 18:21:30 | 000,015,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/23 19:56:25 | 000,001,203 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/04/21 15:16:39 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/04/21 15:16:26 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/04/18 16:59:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/04/18 16:58:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/04/18 16:23:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/18 16:23:18 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/04/18 16:23:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/04/18 15:29:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/18 15:23:32 | 000,023,376 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/18 09:19:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/18 09:18:48 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/02 15:29:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/02/26 10:44:06 | 000,174,818 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,651,030 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,126,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/08/27 19:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/18 07:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/04/10 06:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/04/30 21:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/06/10 06:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/12/22 12:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2009/12/22 12:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2011/04/30 14:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/08/10 03:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/04/08 21:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/08/02 18:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/13 19:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/15 20:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/27 05:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/08/15 07:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\acccore
[2007/11/10 13:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\bang
[2011/03/19 15:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Easeware
[2010/06/08 14:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\GameRanger
[2010/12/03 21:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\ManyCam
[2007/07/22 07:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\My Battle for Middle-earth™ II Files
[2011/04/17 16:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\PBlackout
[2009/06/20 11:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Subversion
[2010/06/08 02:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\TeamViewer
[2010/10/28 21:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\TS3Client
[2011/03/06 13:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\uTorrent
[2007/06/14 16:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Viewpoint
[2008/09/20 15:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Windows Desktop Search
[2008/09/30 19:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Windows Search
[2011/04/19 07:27:53 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job
[2011/05/01 11:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2008/04/14 04:41:54 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2004/08/04 07:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll
[2008/04/14 04:42:02 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/18 07:45:59 | 001,650,688 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/15 02:16:19 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/08/19 04:47:12 | 025,907,200 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/19 04:47:12 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2011/02/18 16:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys

< End of report >
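The `< MD5 for: ... >` blocks in the report above list every copy of a driver OTL could find (the live copy under system32\drivers, the ServicePackFiles and ERDNT backups, the pre-SP3 uninstall copy) together with its hash, which is what a helper reads to spot a patched boot-start driver. As an added example, not code from the thread or from OTL, the following Python script parses that layout and flags a live copy whose MD5 matches none of the backup copies. The sample log is constructed: the agp440.sys lines are taken from the report above, while the atapi.sys live line carries a placeholder all-zero hash and a constructed date so that the check has something to find.

```python
"""Added example: check an OTL '< MD5 for: X >' custom-scan block for a live
driver whose hash differs from its service-pack backup copies.
Not part of the forum thread or of OTL; the SAMPLE_LOG below is constructed."""
import re
from collections import defaultdict

# One OTL MD5 line: [date time | size | attrs | M] (Vendor) MD5=<32 hex> -- <path>
MD5_LINE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<vendor>[^)]*)\)\s+"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+)$"
)
# Section header such as "< MD5 for: ATAPI.SYS >"
MD5_SECTION = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")


def classify(path):
    """Bucket a path by what the copy represents. Order matters: the
    ReinstallBackups folder lives under system32, so it is tested first."""
    p = path.lower()
    if "\\servicepackfiles\\" in p or "\\erdnt\\" in p:
        return "reference"      # SP3 source copy / ERDNT cache copy
    if "\\$ntservicepackuninstall$\\" in p or "\\reinstallbackups\\" in p:
        return "previous"       # pre-service-pack copy, expected to differ
    if "\\system32\\" in p:
        return "live"           # the copy Windows actually loads
    return "other"


def parse_md5_sections(text):
    """Return {filename: [(path, md5, size)]} for each '< MD5 for: X >' block.
    '.cab file' lines carry no hash and are skipped; any other '< ... >'
    header ends the current block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<") and line.endswith(">"):
            m = MD5_SECTION.match(line)
            current = m.group("name").lower() if m else None
            continue
        if current is None:
            continue
        m = MD5_LINE.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            sections[current].append((m.group("path"), m.group("md5").upper(), size))
    return dict(sections)


def find_mismatches(sections):
    """Flag a live copy whose MD5 matches none of the reference copies.
    Boot-start drivers such as atapi.sys are where a redirect rootkit
    typically hides its patch, so this is the first thing to look at."""
    findings = []
    for name, entries in sorted(sections.items()):
        buckets = defaultdict(list)
        for path, md5, size in entries:
            buckets[classify(path)].append((path, md5, size))
        refs = {md5 for _, md5, _ in buckets["reference"]}
        for path, md5, size in buckets["live"]:
            if refs and md5 not in refs:
                findings.append({"file": name, "path": path, "md5": md5,
                                 "size": size, "expected": sorted(refs)})
    return findings


def check_log(text):
    """Convenience wrapper: parse an OTL report and return the findings list."""
    return find_mismatches(parse_md5_sections(text))


# Constructed sample in the log's layout. agp440.sys lines are copied from the
# posted report (all copies agree); the atapi.sys live line is constructed with
# a placeholder all-zero hash that no reference copy matches.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2011/04/20 03:14:07 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
"""

if __name__ == "__main__":
    for f in check_log(SAMPLE_LOG):
        print(f"{f['file']}: live {f['path']} has MD5 {f['md5']}, "
              f"backups have {', '.join(f['expected'])}")
```

Feed a saved OTL.txt to `check_log` to run it on a real report. A live driver replaced by a later Microsoft security update will also differ from its SP3 copy, so a finding is a prompt to verify the file (catalogue signature, vendor hash lookup) rather than a verdict, which is why the helper in the thread asked for the hash listing before choosing the next tool.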

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 May 2011 - 02:15 PM

Hi,

Please do the following:

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Downfall

Downfall
  • Topic Starter

  • Members
  • 23 posts

Posted 01 May 2011 - 03:40 PM

Here :c

Attached Files


Edited by Downfall, 01 May 2011 - 03:40 PM.


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 May 2011 - 05:31 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix message]

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Downfall

Downfall
  • Topic Starter

  • Members
  • 23 posts

Posted 01 May 2011 - 08:15 PM

After about 40-45 minutes of running, it froze up entirely without completing the scan. As you instructed, I did not attempt to re-run it. However, upon rebooting my computer and trying to search Google to see if the virus had gone, I got this:


Our systems have detected unusual traffic from your computer network. Please try your request again later
This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop.

This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible. Learn more

Sometimes you may see this page if you are using advanced terms that robots are known to use, or sending requests very quickly.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 May 2011 - 08:18 PM

OK

Delete the copy of ComboFix that you have on your desktop and download a fresh copy, but rename it to iexplore before saving it.

Now boot into Safe Mode and run ComboFix from Safe Mode.

To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly;
  • this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Downfall

Downfall
  • Topic Starter

  • Members
  • 23 posts

Posted 02 May 2011 - 07:22 PM

I was unable to boot into safe mode. While pressing F8 I just got a bunch of odd clicks from my hard drive and it didn't load, forcing me to restart the computer. I then tried ComboFix again with the new name in regular mode but was met with the same result as previously.

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 May 2011 - 08:14 PM

Hi

Please do the following:

Download HAMeb_check.exe and save it to your desktop.

Click on the icon to run it. When complete, it will open a log for you; please post the content of the log in your next reply.

Note: The log is temporary - it will not be saved when closed, so please be sure to copy the content so that you can paste it into your next reply before you close the log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Downfall

Downfall
  • Topic Starter

  • Members
  • 23 posts

Posted 03 May 2011 - 10:02 PM

C:\Documents and Settings\Jack\My Documents\Downloads\HAMeb_check.exe
Tue 05/03/2011 at 23:01:47.57

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=5985:TCP:*:Disabled:Windows Remote Management
80:TCP=80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode "HTTP-In"


~~ EOF ~~

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 May 2011 - 06:05 AM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Downfall

Downfall
  • Topic Starter

  • Members
  • 23 posts

Posted 04 May 2011 - 04:55 PM

It found nothing on the scan; however, I couldn't locate the log file :s

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 May 2011 - 05:38 PM

Hi

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Downfall

Downfall
  • Topic Starter

  • Members
  • 23 posts

Posted 04 May 2011 - 11:35 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6509

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/4/2011 10:03:49 PM
mbam-log-2011-05-04 (22-03-49).txt

Scan type: Quick scan
Objects scanned: 208636
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The second scan gave me nothing, but I did not receive a log file.



