infected with windows recovery virus?


This topic is locked
39 replies to this topic

#16 lksdrinker (Topic Starter)

Posted 15 May 2011 - 04:28 PM

I'm not sure if that actually worked. In C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\Local Settings\Temp\smtmp\1, I had one "programs" folder that has 4 folders within (accessories, administrative tools, games and startup). I copied the whole "programs" folder, and then when I went to paste them into C:\Documents and Settings\All Users\Start Menu\ there was already a "programs" folder. So I opened that folder and pasted into there.

It still seems that my program list from the start menu has empty folders. There do seem to be some programs that don't have empty folders. But I'm not 100% sure if that just happened now, or if it's been that way since this whole thing began.
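One way to script the restore step described in that post, as an added example that is not code from the thread or from OTL: it copies smtmp\1 back over the All Users Start Menu while merging into folders that already exist, folds an accidental Programs\Programs folder (the OTL log's created-files section lists one) back into Programs, and never overwrites a shortcut that is already in place. The default paths, the constructed sample layout and the assumption that the rogue moved rather than deleted the shortcuts are mine.

```python
"""Rebuild a Start Menu that a "Windows Recovery"-style rogue emptied.

Added example, not from the thread. Assumptions (not stated on the page):
the rogue moved the shortcuts into %Temp%\\smtmp\\1 rather than deleting
them, and an earlier paste may have produced a nested Programs\\Programs
folder that must be folded back into Programs.
"""
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Locations the thread mentions (Windows XP). Used only as defaults.
SMTMP_ROOT = Path(r"C:\Documents and Settings\Richard Cave\Local Settings\Temp\smtmp")
ALL_USERS_START_MENU = Path(r"C:\Documents and Settings\All Users\Start Menu")


def merge_tree(src: Path, dst: Path, dry_run: bool = False) -> List[Tuple[Path, Path]]:
    """Copy each file under src to the same relative path under dst.

    Folders that already exist under dst are reused, never nested (the
    mistake a paste of "Programs" into an existing "Programs" makes), and
    files already present under dst are left alone. Returns the copies
    made (or, with dry_run, the copies that would be made).
    """
    copied: List[Tuple[Path, Path]] = []
    # Materialise the listing first so copying into dst cannot feed the walk.
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        target = dst / path.relative_to(src)
        if target.exists():
            continue  # keep whatever the user already restored
        if not dry_run:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
        copied.append((path, target))
    return copied


def unnest_programs(start_menu: Path, dry_run: bool = False) -> List[Tuple[Path, Path]]:
    """Fold an accidental Programs\\Programs folder back into Programs."""
    programs = start_menu / "Programs"
    nested = programs / "Programs"
    if not nested.is_dir():
        return []
    copied = merge_tree(nested, programs, dry_run)
    if not dry_run:
        shutil.rmtree(nested)
    return copied


def restore_start_menu(smtmp_root: Path = SMTMP_ROOT,
                       start_menu: Path = ALL_USERS_START_MENU,
                       dry_run: bool = False) -> Dict[str, int]:
    """smtmp\\1 mirrors the All Users Start Menu, the layout the thread reports."""
    unnested = unnest_programs(start_menu, dry_run)
    restored = merge_tree(smtmp_root / "1", start_menu, dry_run)
    return {"unnested": len(unnested), "restored": len(restored)}


def build_demo(root: Path) -> None:
    """Constructed sample layout: shortcuts parked in smtmp\\1 plus a Start
    Menu where an earlier paste already produced Programs\\Programs."""
    for rel in ("Programs/Games/Solitaire.lnk",
                "Programs/Accessories/Calculator.lnk",
                "Programs/Startup/Memeo AutoSync Launcher.lnk"):
        p = root / "smtmp" / "1" / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("shortcut")
    bad = root / "Start Menu" / "Programs" / "Programs" / "Games" / "Solitaire.lnk"
    bad.parent.mkdir(parents=True)
    bad.write_text("shortcut")


def demo() -> Dict[str, object]:
    """Run the restore against the constructed layout in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo(root)
        start_menu = root / "Start Menu"
        counts = restore_start_menu(root / "smtmp", start_menu)
        files = sorted(str(p.relative_to(start_menu)).replace("\\", "/")
                       for p in start_menu.rglob("*.lnk"))
        return {**counts,
                "nested_left": (start_menu / "Programs" / "Programs").exists(),
                "files": files}


if __name__ == "__main__":
    print(demo())
```

Run with dry_run=True first against the real paths to review the copy list before touching the Start Menu.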



#17 SweetTech (Agent ST)

Posted 16 May 2011 - 08:31 AM

Good Morning,
Please browse back to this folder: C:\Documents and Settings\All Users\Start Menu\Programs\

What other folders do you see in there?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#18 lksdrinker (Topic Starter)

Posted 16 May 2011 - 09:36 AM

It's all of the various program folders. But when I open the folders they are empty (sometimes after opening multiple folders). The last folder (where the program should actually be) is empty.

#19 SweetTech (Agent ST)

Posted 16 May 2011 - 09:50 AM

This is very interesting. Let me get back to you, I need to do some testing.

In the meantime, can you please run a new scan with OTL for me?



#20 lksdrinker (Topic Starter)

Posted 16 May 2011 - 11:51 AM

Here is the OTL log. Are there supposed to be two logs? I only got one?

OTL logfile created on: 5/16/2011 12:42:46 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Richard Cave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 345.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 32.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 26.27 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive F: | 7.49 Gb Total Space | 7.27 Gb Free Space | 97.11% Space Free | Partition Type: FAT32

Computer Name: JDMRICH | User Name: Richard Cave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 21:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Cave\Desktop\OTL.exe
PRC - [2011/05/11 14:05:36 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/07/06 03:24:40 | 000,262,144 | R--- | M] (Magic Control Technology Corporation) -- C:\WINDOWS\system32\vgautil5100.exe
PRC - [2009/02/05 13:48:08 | 000,172,032 | ---- | M] () -- C:\WINDOWS\system32\t1psvr.exe
PRC - [2008/07/24 19:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/13 12:42:08 | 000,808,160 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
PRC - [2006/02/10 19:17:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/14 21:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Cave\Desktop\OTL.exe
MOD - [2010/12/08 14:11:40 | 000,202,112 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIhook.000.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:12:06 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmpapi.dll
MOD - [2008/04/13 20:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/13 20:12:03 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rassapi.dll
MOD - [2008/04/13 20:11:57 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 20:11:55 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetmib1.dll
MOD - [2008/04/13 20:11:48 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/13 20:11:48 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/11 14:05:36 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/02/05 13:48:08 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\t1psvr.exe -- (T1PSvr)
SRV - [2008/07/07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Start_Pending] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/07/06 16:07:44 | 000,100,480 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\t1pusb.sys -- (t1pusb)
DRV - [2009/06/24 17:21:04 | 000,019,712 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\T1PMrGrp.sys -- (T1PMrGrp)
DRV - [2009/06/24 17:19:24 | 000,018,816 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\T1PExGrp.sys -- (T1PExGrp)
DRV - [2008/07/24 19:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/02/25 16:04:32 | 000,029,184 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
DRV - [2006/10/31 08:28:04 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/02/10 19:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/11/11 12:34:16 | 000,353,728 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061031
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061031

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061031
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1275399053&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us|https://www.google.com/calendar/render"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: bettergcal@ginatrapani.org:0.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: itele.widget@gmail.com:1.2.0.4
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 09:07:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 09:13:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/05 10:55:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/08/20 18:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Extensions
[2010/08/20 18:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/12 09:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions
[2010/03/26 11:08:12 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/15 09:04:48 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/03/24 10:21:36 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2009/05/18 11:50:40 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2009/06/05 08:56:02 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/04/15 11:42:43 | 000,000,000 | ---D | M] (Google Calendar Notifier) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{7F364BE2-D493-11DA-BE96-9966D6839540}
[2010/01/21 10:30:29 | 000,000,000 | ---D | M] (SIRIUS Player) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{A8208118-F761-47E2-A01F-4FB22AE08B5E}
[2011/04/01 09:08:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/22 09:03:57 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/04/15 11:42:43 | 000,000,000 | ---D | M] ("Better GCal") -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\bettergcal@ginatrapani.org
[2010/05/25 09:42:49 | 000,000,000 | ---D | M] (Newsbar) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\itele.widget@gmail.com
[2011/05/08 20:17:12 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2009/12/11 13:14:34 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\LogMeInClient@logmein.com
[2011/05/12 09:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\staged
[2011/04/22 09:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2008/07/31 16:27:55 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\searchplugins\usatodaycom.xml
[2011/05/11 15:12:04 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\searchplugins\weathercom.xml
[2008/06/23 09:17:20 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\searchplugins\webster.xml
[2008/07/31 16:27:27 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\searchplugins\wikipedia-eng.xml
[2011/03/24 09:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 09:32:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\GOOGLEDICTIONARY@TOPTIP.CA.XPI
[2009/03/17 08:52:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/03 03:02:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/05 09:07:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2007/10/25 15:00:45 | 000,000,897 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.png
[2007/10/25 15:00:45 | 000,001,015 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.src

O1 HOSTS File: ([2011/05/13 13:27:05 | 000,218,750 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.113 HP0017A422842B
O1 - Hosts: 7678 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [T1PSvrUtil] C:\WINDOWS\system32\T1PSvrUtil.exe ()
O4 - Startup: C:\Documents and Settings\Richard Cave\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe (Memeo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} https://secure10.backup.com/downloads/WRX.cab (WRXCtl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Richard Cave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard Cave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2250409a-1a24-11dd-8331-001372e85591}\Shell - "" = AutoRun
O33 - MountPoints2\{2250409a-1a24-11dd-8331-001372e85591}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2250409a-1a24-11dd-8331-001372e85591}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{41ceaadc-b343-11de-8446-001372e85591}\Shell - "" = AutoRun
O33 - MountPoints2\{41ceaadc-b343-11de-8446-001372e85591}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41ceaadc-b343-11de-8446-001372e85591}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 17:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Programs
[2011/05/15 16:10:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 21:27:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard Cave\Desktop\OTL.exe
[2011/05/14 00:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Cave\Desktop\gmer
[2011/05/13 15:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/05/13 15:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/05/13 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/05/13 13:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/05/13 13:10:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Richard Cave\Recent
[2011/05/13 11:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Cave\Application Data\Malwarebytes
[2011/05/13 11:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 11:08:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/13 11:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/13 11:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/11 14:05:30 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/05/11 14:05:30 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/05/11 14:05:30 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/05/11 14:05:30 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/05/11 14:05:30 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/05/11 14:05:30 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/05/11 14:05:28 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/05/11 14:05:28 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/05/11 14:05:28 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/05/11 14:05:28 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/05/06 16:43:07 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/05/06 16:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/05/06 16:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 12:10:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 11:52:28 | 000,022,615 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\tbird collected addy.ldif
[2011/05/16 11:52:19 | 000,144,633 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\tbird google addy.ldif
[2011/05/16 11:52:00 | 000,085,815 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\tbird addy.ldif
[2011/05/16 01:10:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 16:54:31 | 000,000,018 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\Look
[2011/05/15 16:54:19 | 000,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/15 13:50:06 | 000,006,213 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\Richard Cave.zip
[2011/05/14 21:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Cave\Desktop\OTL.exe
[2011/05/14 21:26:10 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\RKUnhookerLE.EXE
[2011/05/14 21:25:30 | 000,605,735 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\unhide.exe
[2011/05/14 00:40:09 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\gmer.zip
[2011/05/14 00:32:07 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\dds.scr
[2011/05/13 15:14:20 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/13 10:38:38 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/12 14:53:15 | 000,343,994 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53 copy.jpg
[2011/05/12 14:53:09 | 000,096,717 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53 copy.png
[2011/05/12 14:52:56 | 000,090,835 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53.png
[2011/05/12 14:46:39 | 000,158,775 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-46-04 copy.jpg
[2011/05/12 14:46:14 | 000,041,735 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-46-04.png
[2011/05/11 14:05:30 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/05/11 14:05:30 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/05/11 14:05:30 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/05/11 14:05:30 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/05/11 14:05:30 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/05/11 14:05:30 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/05/11 14:05:28 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/05/11 14:05:28 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/05/11 14:05:28 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/05/11 14:05:28 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/05/06 16:43:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/05/06 16:43:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/05/04 11:08:09 | 000,308,887 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\aff of serv with address.PDF
[2011/05/04 10:56:12 | 000,308,550 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\aff of serv.PDF
[2011/04/28 15:41:52 | 004,948,069 | ---- | M] () -- C:\Documents and Settings\Richard Cave\My Documents\Delancey BofA signed lease.pdf
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 11:52:28 | 000,022,615 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\tbird collected addy.ldif
[2011/05/16 11:52:18 | 000,144,633 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\tbird google addy.ldif
[2011/05/16 11:52:00 | 000,085,815 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\tbird addy.ldif
[2011/05/15 16:46:51 | 000,000,018 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\Look
[2011/05/15 13:50:06 | 000,006,213 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\Richard Cave.zip
[2011/05/14 21:26:23 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\RKUnhookerLE.EXE
[2011/05/14 00:40:09 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\gmer.zip
[2011/05/14 00:32:07 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\dds.scr
[2011/05/13 14:50:01 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 10:59:44 | 000,605,735 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\unhide.exe
[2011/05/12 14:53:14 | 000,343,994 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53 copy.jpg
[2011/05/12 14:53:08 | 000,096,717 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53 copy.png
[2011/05/12 14:52:56 | 000,090,835 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53.png
[2011/05/12 14:46:37 | 000,158,775 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-46-04 copy.jpg
[2011/05/12 14:46:08 | 000,041,735 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-46-04.png
[2011/05/06 16:43:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/05/06 16:43:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/05/04 11:08:09 | 000,308,887 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\aff of serv with address.PDF
[2011/05/04 10:56:12 | 000,308,550 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\aff of serv.PDF
[2011/04/28 15:41:51 | 004,948,069 | ---- | C] () -- C:\Documents and Settings\Richard Cave\My Documents\Delancey BofA signed lease.pdf
[2010/09/02 13:10:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\dvdtowmvconverter.ini
[2010/09/02 13:06:52 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysDVDtowmv.dat
[2010/09/02 12:59:24 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2010/09/02 12:54:45 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/18 22:06:42 | 000,001,837 | ---- | C] () -- C:\WINDOWS\System32\MTri1+.ini
[2010/02/09 17:02:40 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/02/09 16:33:50 | 000,188,626 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/02/09 16:33:50 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/01/11 12:51:57 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/01/11 12:51:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/10/19 16:23:05 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/10/19 16:23:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd9840cd.dat
[2009/10/19 16:23:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/10/19 16:22:08 | 000,001,039 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/10/19 16:22:08 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/10/19 16:22:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bd9840cn.dat
[2009/10/19 16:20:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/10/19 16:20:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/10/19 16:20:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2009/10/19 16:20:28 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/10/19 16:20:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/10/19 16:20:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/10/19 16:18:43 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/09 13:57:23 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/16 12:48:02 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/02/16 12:48:02 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\93097EE3B0.sys
[2008/09/02 16:52:59 | 000,008,319 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\Comma Separated Values (DOS).JNL
[2008/09/02 16:52:06 | 000,038,486 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\Comma Separated Values (Windows).ADR
[2008/06/18 10:41:16 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\dvd.bmk
[2008/05/16 12:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/05/06 11:16:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\AVAideDVDtomp4.ini
[2008/05/06 10:54:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\AvaideDVDtomp4.dat
[2007/10/08 14:21:22 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/10/08 14:21:01 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2007/10/08 14:20:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/03/09 11:02:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/03/07 13:58:11 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/06 16:41:21 | 000,038,486 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\Comma Separated Values (DOS).ADR
[2007/03/06 13:39:21 | 000,038,474 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\Microsoft Excel.ADR
[2007/01/12 16:46:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/12 16:28:32 | 000,000,130 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2007/01/12 16:28:31 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2007/01/05 17:14:21 | 000,032,468 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\irisscan.clb
[2007/01/05 17:02:37 | 000,094,208 | R--- | C] () -- C:\WINDOWS\System32\IRISScan.DLL
[2006/12/05 11:49:13 | 000,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/05 11:49:13 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C9888066A0.sys
[2006/11/27 12:09:45 | 000,001,775 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/09 15:22:51 | 000,195,072 | ---- | C] () -- C:\WINDOWS\System32\wav2mp3.exe
[2006/11/09 15:22:51 | 000,000,678 | ---- | C] () -- C:\WINDOWS\TalknSend.INI
[2006/11/09 11:56:47 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Local Settings\Application Data\fusioncache.dat
[2006/11/09 11:30:12 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/11/09 11:30:12 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/11/09 11:29:41 | 000,000,649 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/11/09 11:16:30 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2006/10/31 08:43:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/31 08:31:34 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/31 08:27:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/31 08:25:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 08:00:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/31 08:00:18 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/31 00:06:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\U2VSvr.exe
[2006/03/31 00:06:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\U2VDisp.exe
[2006/03/31 00:06:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\Util.exe
[2006/03/31 00:06:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\t1psvr.dll
[2006/03/31 00:06:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\t1psvr.exe
[2006/03/31 00:06:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\T1PDisp.exe
[2006/03/31 00:06:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\T1PSvrUtil.exe
[2006/03/31 00:06:25 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\UDLL.dll
[2006/03/31 00:06:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mctudll.dll
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,463,628 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,080,756 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
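The two files the helper picks out of this log further down the thread (t1psvr.exe and T1PSvrUtil.exe) come from reading the sections above by hand: executables under C:\WINDOWS with no CompanyName, and hidden/system files in places Windows does not normally put them. The Python script below is an added example, not code from this thread or from OTL's author: it parses lines in OTL's `[timestamp | size | attrs | C/M] (CompanyName) -- path` format and applies those checks mechanically. The sample lines are copied from the log above; the extension list, the allowlist of hidden+system files and the 30-day window are my choices. A flag is a prompt to look closer, not a verdict: plenty of legitimate software ships without a CompanyName resource.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# One OTL file line: [timestamp | size | attrs | C/M] (CompanyName) -- path
# The "(CompanyName)" part is absent on directory lines and "()" when empty.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str     # four positions: R read-only, H hidden, S system, D directory
    kind: str      # C = "Created" section, M = "Modified" section
    company: str
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Parse OTL file/folder lines; summary lines such as
    '[2 C:\\WINDOWS\\*.tmp files -> ...]' do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(Entry(
                ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                kind=m["kind"],
                company=(m["company"] or "").strip(),
                path=m["path"],
            ))
    return entries


CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
WINDOWS_DIR = "c:\\windows\\"
# Hidden+system files Windows creates itself (assumed allowlist; extend as needed).
KNOWN_HIDDEN_SYSTEM = {"c:\\hiberfil.sys", "c:\\pagefile.sys"}


def triage(entries: List[Entry], now: datetime, recent_days: int = 30) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for files worth a second look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.attrs[3] == "D":          # directories carry no code of their own
            continue
        p = e.path.lower()
        hidden_system = e.attrs[1] == "H" and e.attrs[2] == "S"
        windows_code = p.startswith(WINDOWS_DIR) and p.endswith(CODE_EXT)
        reasons = []
        if hidden_system and p not in KNOWN_HIDDEN_SYSTEM:
            reasons.append("hidden+system")
        if windows_code and not e.company:
            reasons.append("no CompanyName in Windows dir")
        if windows_code and e.kind == "C" and (now - e.ts).days <= recent_days:
            reasons.append("recently created in Windows dir")
        for r in reasons:              # merge C and M lines for the same path
            if r not in findings.setdefault(e.path, []):
                findings[e.path].append(r)
    return findings


# Lines copied from the OTL log in this thread (not a full log).
SAMPLE_LOG = r"""
[2011/05/15 17:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Programs
[2011/05/14 21:27:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard Cave\Desktop\OTL.exe
[2011/05/13 11:08:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/13 14:50:01 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/16 12:48:02 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2006/12/05 11:49:13 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C9888066A0.sys
[2006/03/31 00:06:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\t1psvr.exe
[2006/03/31 00:06:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\T1PSvrUtil.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""
SAMPLE_NOW = datetime(2011, 5, 16)   # the day the log was posted


def triage_sample() -> Dict[str, List[str]]:
    return triage(parse_otl(SAMPLE_LOG), now=SAMPLE_NOW)


if __name__ == "__main__":
    for path, reasons in triage_sample().items():
        print(f"{path}: {', '.join(reasons)}")
```

Run it against a saved OTL.txt by reading the file into `parse_otl` and passing today's date to `triage`; the sample run flags the two T1P files and the RHS- file in System32 for the same reasons the helper asked about them, and leaves OTL.exe and hiberfil.sys alone.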

#21 SweetTech


Posted 16 May 2011 - 04:28 PM

Hi!

The first time you run OTL it gives you 2 logs (OTL.txt & Extras.txt) after that it will only give you one log, if no settings are changed.

I'm not sure if that actually worked. In C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\Local Settings\Temp\smtmp\1, I had one "Programs" folder that has 4 folders within (Accessories, Administrative Tools, Games and Startup). I copied the whole "Programs" folder and then, when I went to paste them into C:\Documents and Settings\All Users\Start Menu\, there was already a "Programs" folder. So I opened that folder and pasted into there.

What folders/files were in the Programs folder that you moved into the C:\Documents and Settings\All Users\Start Menu\Programs folder?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
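The step quoted above, copying the contents of %TEMP%\smtmp\1 back into C:\Documents and Settings\All Users\Start Menu, is easy to get subtly wrong by hand: pasting a folder into a folder of the same name nests it, which is how the Start Menu\Programs\Programs folder dated 2011/05/15 17:24 in the OTL log above came about. The Python script below is an added example, not code from this thread, from BleepingComputer or from any tool used here. It merges one folder tree into another: missing folders are created, files that already exist at the destination are left alone, and existing folders are reused rather than nested. The only mapping this thread confirms is smtmp\1 to All Users\Start Menu, so that is the only pair hard-coded in the `__main__` block; `demo()` builds a constructed throwaway layout in a temp directory purely to show the behaviour. The script is a dry run unless `--apply` is given.

```python
import os
import shutil
import sys
import tempfile
from typing import List, Tuple


def merge_tree(src: str, dst: str, dry_run: bool = True) -> List[Tuple[str, str]]:
    """Merge the tree under src into dst. Folders missing from dst are created,
    files already present in dst are skipped (never overwritten), and a folder
    that exists in both is reused, so src\\Programs lands in dst\\Programs and
    not in dst\\Programs\\Programs. Returns (action, destination) pairs; with
    dry_run=True nothing is written."""
    actions: List[Tuple[str, str]] = []
    for root, _dirs, files in os.walk(src):          # top-down: parents first
        rel = os.path.relpath(root, src)
        target_dir = dst if rel == "." else os.path.join(dst, rel)
        if not os.path.isdir(target_dir):
            actions.append(("mkdir", target_dir))
            if not dry_run:
                os.makedirs(target_dir)
        for name in files:
            s = os.path.join(root, name)
            d = os.path.join(target_dir, name)
            if os.path.exists(d):
                actions.append(("skip-exists", d))
                continue
            actions.append(("copy", d))
            if not dry_run:
                shutil.copy2(s, d)                   # keeps timestamps
    return actions


def demo() -> Tuple[List[Tuple[str, str]], bool]:
    """Constructed sample: an smtmp\\1 tree with Accessories and Startup, and a
    Start Menu that already has Programs\\Startup\\desktop.ini. Returns the
    actions (paths relative to the destination, '/' separated) and whether the
    restored shortcut exists afterwards. The temp directory is removed."""
    base = tempfile.mkdtemp()
    try:
        src = os.path.join(base, "smtmp", "1")
        dst = os.path.join(base, "Start Menu")
        for d in (os.path.join(src, "Programs", "Accessories"),
                  os.path.join(src, "Programs", "Startup"),
                  os.path.join(dst, "Programs", "Startup")):
            os.makedirs(d)
        open(os.path.join(src, "Programs", "Accessories", "Notepad.lnk"), "w").close()
        open(os.path.join(src, "Programs", "Startup", "desktop.ini"), "w").close()
        open(os.path.join(dst, "Programs", "Startup", "desktop.ini"), "w").close()
        actions = merge_tree(src, dst, dry_run=False)
        restored = os.path.isfile(os.path.join(dst, "Programs", "Accessories", "Notepad.lnk"))
        rel = [(a, os.path.relpath(p, dst).replace(os.sep, "/")) for a, p in actions]
        return sorted(rel), restored
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    # Paths as given in this thread (Windows XP layout); dry run unless --apply.
    src = os.path.join(os.environ.get("TEMP", ""), "smtmp", "1")
    dst = r"C:\Documents and Settings\All Users\Start Menu"
    for action, path in merge_tree(src, dst, dry_run="--apply" not in sys.argv):
        print(action, path)
```

Review the dry-run listing before running with `--apply`; if the rogue also set the hidden attribute on the originals, that is a separate step (the unhide.exe run earlier in the thread is what clears it), since this script only copies.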


#22 lksdrinker

  • Topic Starter

Posted 16 May 2011 - 05:00 PM

It was Accessories, administrative tools, games, and startup.

I'm extremely appreciative of all your help so far. But it looks like the bossman wants to simply buy me a new computer. Ideally I would still like to make this one functional, though. However, at the very least I would like to ensure that my files are free from any viruses or any malware so I can copy everything to the new computer?

Would it be any easier to do that as opposed to finding out why the programs aren't showing up?

#23 SweetTech


Posted 16 May 2011 - 05:23 PM

Hi!

I'm extremely appreciative of all your help so far. But it looks like the bossman wants to simply buy me a new computer. Ideally I would still like to make this one functional, though. However, at the very least I would like to ensure that my files are free from any viruses or any malware so I can copy everything to the new computer?

Okay. We can work on cleaning the malware off of this computer, but it may come down to no programs in the Start menu folder for now. That list should be repopulated once new programs are installed.

Would it be any easier to do that as opposed to finding out why the programs aren't showing up?

Yeah, it'd be much easier to clean up the malware than it would be to fix the issue with the programs not showing up in the Start menu.

____________________________________________________


VirusTotal File Scan
Please go to: VirusTotal
  • Click the Browse button and search for the following file: C:\WINDOWS\system32\t1psvr.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please repeat the above process for this additional file(s) below:
C:\WINDOWS\system32\T1PSvrUtil.exe

Please post the results in your next reply



#24 lksdrinker

  • Topic Starter

Posted 16 May 2011 - 06:19 PM

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: t1psvr.exe
Submission date: 2011-05-16 23:05:43 (UTC)
Current status: finished


Result: 1/ 43 (2.3%)
Antivirus Version Last Update Result
AhnLab-V3 2011.05.17.00 2011.05.16 -
AntiVir 7.11.8.37 2011.05.16 -
Antiy-AVL 2.0.3.7 2011.05.16 -
Avast 4.8.1351.0 2011.05.16 -
Avast5 5.0.677.0 2011.05.16 -
AVG 10.0.0.1190 2011.05.16 -
BitDefender 7.2 2011.05.17 -
CAT-QuickHeal 11.00 2011.05.16 -
ClamAV 0.97.0.0 2011.05.16 PUA.Packed.Armadillo-1
Commtouch 5.3.2.6 2011.05.16 -
Comodo 8727 2011.05.17 -
DrWeb 5.0.2.03300 2011.05.17 -
Emsisoft 5.1.0.5 2011.05.16 -
eSafe 7.0.17.0 2011.05.15 -
eTrust-Vet 36.1.8330 2011.05.16 -
F-Prot 4.6.2.117 2011.05.16 -
F-Secure 9.0.16440.0 2011.05.17 -
Fortinet 4.2.257.0 2011.05.14 -
GData 22 2011.05.16 -
Ikarus T3.1.1.103.0 2011.05.16 -
Jiangmin 13.0.900 2011.05.16 -
K7AntiVirus 9.103.4648 2011.05.14 -
Kaspersky 9.0.0.837 2011.05.16 -
McAfee 5.400.0.1158 2011.05.17 -
McAfee-GW-Edition 2010.1D 2011.05.16 -
Microsoft 1.6802 2011.05.16 -
NOD32 6127 2011.05.16 -
Norman 6.07.07 2011.05.15 -
nProtect 2011-05-16.01 2011.05.16 -
Panda 10.0.3.5 2011.05.16 -
PCTools 7.0.3.5 2011.05.13 -
Prevx 3.0 2011.05.17 -
Rising 23.58.00.06 2011.05.16 -
Sophos 4.65.0 2011.05.17 -
SUPERAntiSpyware 4.40.0.1006 2011.05.17 -
Symantec 20101.3.2.89 2011.05.17 -
TheHacker 6.7.0.1.198 2011.05.16 -
TrendMicro 9.200.0.1012 2011.05.16 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.17 -
VBA32 3.12.16.0 2011.05.12 -
VIPRE 9300 2011.05.16 -
ViRobot 2011.5.16.4461 2011.05.16 -
VirusBuster 13.6.357.0 2011.05.16 -
Additional information
MD5 : 27b4ab14ae3ed28befb013d013b35cd7
SHA1 : 215f628a11482a1cad098cf7c6c6ecdc4699d8d1
SHA256: 198141ff8d5abdb523b2ff7ee400179ea9867b56e3678eb0997aa79973518a31



0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: T1PSvrUtil.exe
Submission date: 2011-05-16 23:08:18 (UTC)
Current status: finished


Result: 0/ 43 (0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.05.17.00 2011.05.16 -
AntiVir 7.11.8.37 2011.05.16 -
Antiy-AVL 2.0.3.7 2011.05.16 -
Avast 4.8.1351.0 2011.05.16 -
Avast5 5.0.677.0 2011.05.16 -
AVG 10.0.0.1190 2011.05.16 -
BitDefender 7.2 2011.05.17 -
CAT-QuickHeal 11.00 2011.05.16 -
ClamAV 0.97.0.0 2011.05.16 -
Commtouch 5.3.2.6 2011.05.16 -
Comodo 8727 2011.05.17 -
DrWeb 5.0.2.03300 2011.05.17 -
Emsisoft 5.1.0.5 2011.05.16 -
eSafe 7.0.17.0 2011.05.15 -
eTrust-Vet 36.1.8330 2011.05.16 -
F-Prot 4.6.2.117 2011.05.16 -
F-Secure 9.0.16440.0 2011.05.17 -
Fortinet 4.2.257.0 2011.05.14 -
GData 22 2011.05.16 -
Ikarus T3.1.1.103.0 2011.05.16 -
Jiangmin 13.0.900 2011.05.16 -
K7AntiVirus 9.103.4648 2011.05.14 -
Kaspersky 9.0.0.837 2011.05.16 -
McAfee 5.400.0.1158 2011.05.17 -
McAfee-GW-Edition 2010.1D 2011.05.16 -
Microsoft 1.6802 2011.05.16 -
NOD32 6127 2011.05.16 -
Norman 6.07.07 2011.05.15 -
nProtect 2011-05-16.01 2011.05.16 -
Panda 10.0.3.5 2011.05.16 -
PCTools 7.0.3.5 2011.05.13 -
Prevx 3.0 2011.05.17 -
Rising 23.58.00.06 2011.05.16 -
Sophos 4.65.0 2011.05.17 -
SUPERAntiSpyware 4.40.0.1006 2011.05.17 -
Symantec 20101.3.2.89 2011.05.17 -
TheHacker 6.7.0.1.198 2011.05.16 -
TrendMicro 9.200.0.1012 2011.05.16 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.17 -
VBA32 3.12.16.0 2011.05.12 -
VIPRE 9300 2011.05.16 -
ViRobot 2011.5.16.4461 2011.05.16 -
VirusBuster 13.6.357.0 2011.05.16 -
Additional information
MD5 : 770f89a28d201c1c902c0bc109d5ea99
SHA1 : 56560c85b81ce7749cc23bc86a19a35c8a00fafd
SHA256: cf4ba4f4ae58a3d8f0c7a71170f6e204bacd806477161c525c41a077677b3ba4
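The two reports above are a textbook case of why a single hit is not a verdict: 1/43 from ClamAV with a name that says "PUA.Packed.Armadillo" means the engine noticed the Armadillo packer, not a known family, which is exactly why the helper's next move is to ask for the sample rather than delete the file. The Python below is an added example, not code from this thread or from VirusTotal: it parses a pasted report of this shape into the hit ratio, the per-engine detections and the hash block, turns the detections into a triage label, and hashes a local file so a report is only trusted when its MD5/SHA-1/SHA-256 match what is actually on disk. The heuristic markers and the five-engine threshold are my choices; `SAMPLE_REPORT` is an abbreviated copy of the t1psvr.exe report above, and the `b"abc"` test input is a constructed value.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

RESULT_RE = re.compile(r"^Result:\s*(\d+)/\s*(\d+)")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]+)$")
# Name fragments that usually mean a packer/PUA heuristic rather than a known
# family (my list; tune it for the engines you trust).
HEURISTIC_MARKERS = ("pua", "packed", "heur", "generic", "suspicious", "riskware")


@dataclass
class VtReport:
    filename: str = ""
    hits: int = 0
    total: int = 0
    detections: List[Tuple[str, str]] = field(default_factory=list)  # (engine, name)
    hashes: Dict[str, str] = field(default_factory=dict)              # md5/sha1/sha256


def parse_vt(text: str) -> VtReport:
    """Parse pasted VirusTotal text: 'File name:', 'Result: n/ m', the engine
    table ('Engine Version Date Result' rows, '-' meaning no detection) up to
    'Additional information', and the MD5/SHA1/SHA256 lines."""
    r = VtReport()
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("File name:"):
            r.filename = line.split(":", 1)[1].strip()
            continue
        m = RESULT_RE.match(line)
        if m:
            r.hits, r.total = int(m[1]), int(m[2])
            continue
        m = HASH_RE.match(line)
        if m:
            r.hashes[m[1].lower()] = m[2].lower()
            continue
        if line.startswith("Antivirus Version Last Update Result"):
            in_table = True
        elif line.startswith("Additional information"):
            in_table = False
        elif in_table:
            parts = line.split()
            if len(parts) == 4 and parts[3] != "-":
                r.detections.append((parts[0], parts[3]))
    return r


def assess(r: VtReport, strong_threshold: int = 5) -> str:
    """Triage label from the detection list. Heuristic-only hits (packer, PUA,
    generic) below the threshold mean 'get the sample', not 'malware'."""
    names = [name.lower() for _, name in r.detections]
    if not names:
        return "clean-by-vote"       # no engine flagged it; not proof it is clean
    if len(names) >= strong_threshold:
        return "likely-malicious"
    if all(any(k in n for k in HEURISTIC_MARKERS) for n in names):
        return "low-confidence"      # heuristics only: have the file analysed
    return "inconclusive"


def hash_bytes(data: bytes) -> Dict[str, str]:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def hash_file(path: str) -> Dict[str, str]:
    hs = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hs.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hs.items()}


def report_matches(r: VtReport, local: Dict[str, str]) -> bool:
    """True only when every hash in the report equals the local file's, so a
    report is never applied to a file that was swapped or re-infected since."""
    return bool(r.hashes) and all(local.get(alg) == d for alg, d in r.hashes.items())


# Abbreviated copy of the t1psvr.exe report pasted above (not the full table).
SAMPLE_REPORT = """
File name: t1psvr.exe
Submission date: 2011-05-16 23:05:43 (UTC)
Result: 1/ 43 (2.3%)
Antivirus Version Last Update Result
AhnLab-V3 2011.05.17.00 2011.05.16 -
ClamAV 0.97.0.0 2011.05.16 PUA.Packed.Armadillo-1
McAfee-GW-Edition 2010.1D 2011.05.16 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.17 -
Additional information
MD5 : 27b4ab14ae3ed28befb013d013b35cd7
SHA1 : 215f628a11482a1cad098cf7c6c6ecdc4699d8d1
SHA256: 198141ff8d5abdb523b2ff7ee400179ea9867b56e3678eb0997aa79973518a31
"""

if __name__ == "__main__":
    rep = parse_vt(SAMPLE_REPORT)
    print(rep.filename, f"{rep.hits}/{rep.total}", rep.detections, assess(rep))
```

In practice: hash the file with `hash_file` first, then `report_matches` before reading anything into the verdict; for t1psvr.exe the label is "low-confidence", which matches the helper's decision to request a ZipIt sample rather than act on one packer signature.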

#25 SweetTech


Posted 16 May 2011 - 06:35 PM

Do you recognize these two files?

C:\WINDOWS\system32\t1psvr.exe
C:\WINDOWS\system32\T1PSvrUtil.exe

Mind if I get a sample of them to look at them closer?

Please download ZipIt from here:
Download Link
  • Double-click ZipIt! to run it. (Windows Vista & 7 users need to right click and Run as Administrator)
  • Then copy the content of the following codebox into the textfield:

    ::info::Unknown Files.
    ::bleeping::102
    C:\WINDOWS\system32\t1psvr.exe
    C:\WINDOWS\system32\T1PSvrUtil.exe
    
  • Then, just click the Zip button.
  • When finished, and if successful, it should automatically submit a file for me, so that it may be analyzed further. You should also see that a new .zip file has been created on your Desktop. You will be notified of what the file name is when the process has been completed.


NEXT:




Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



#26 lksdrinker

  • Topic Starter

Posted 16 May 2011 - 07:01 PM

I couldn't tell if ZipIt automatically uploaded a file... so I attached it here.

MBAM is running now and I'll add the results once it's done.

Attached Files



#27 SweetTech


Posted 16 May 2011 - 07:07 PM

Hi!

Yes, ZipIt, did automatically submit the file to me, but no harm in having it uploaded in two spots. :thumbsup:

I've been doing some research on a possible fix for restoring some of the items in your Program Files.

Would you mind trying it after the MBAM scan finishes, and seeing if it works for you?


Please go to Start > Run > Copy/Paste the following bolded text followed by hitting ENTER: regsvr32 /i shell32.dll

After you do the above, please reboot your computer, and let me know the results.



#28 lksdrinker

  • Topic Starter

Posted 16 May 2011 - 07:22 PM

I could've sworn I just added this log, but I don't see it anywhere... so here it is (again?). I also ran regsvr32 /i shell32.dll, and everything seems the same. Most of the program folders still show up empty.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6594

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/16/2011 8:08:25 PM
mbam-log-2011-05-16 (20-08-25).txt

Scan type: Quick scan
Objects scanned: 178911
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#29 SweetTech


Posted 16 May 2011 - 07:33 PM

Okay.

That log looks good!

Lets see what these scans show:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#30 lksdrinker

  • Topic Starter

Posted 16 May 2011 - 09:30 PM

So I screwed up with the ESET Online Scan. I did not uncheck "Remove found threats". It found and removed 2 threats, but I have no idea what they are because I hit Finish before hitting "List of found threats". Is there any way to figure that out, and/or is it worth running it again?

Here is the security check log:
Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 20
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````



