wastedtime

Google links redirecting

22 posts in this topic

I'm getting redirected when I click on Google links, mainly in IE. Down at the bottom, it will say connecting to tryfinditthere.com and it takes me to shop6-1.forless.com.

I've run every scan I can think of (online, safemode, boot-time, boot from CD) and nothing has caught it.

Defogger never prompted me to reboot so I didn't.

I appreciate any help you can give me.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4978

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

10/28/2010 5:36:07 PM

mbam-log-2010-10-28 (17-36-07).txt

Scan type: Full scan (C:\|)

Objects scanned: 218659

Time elapsed: 1 hour(s), 30 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4995

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

10/29/2010 10:55:25 PM

mbam-log-2010-10-29 (22-55-25).txt

Scan type: Quick scan

Objects scanned: 149928

Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-10-21.02) - NTFSx86

Run by aeholt at 23:09:20.84 on Fri 10/29/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.245 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\aeholt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: : {02dca195-602b-4b1f-83ff-381b7e804bdb} - c:\windows\system32\HDBHO.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/peggle/sis/popcaploader_v10_en.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aeholt\applic~1\mozilla\firefox\profiles\2f41l2jv.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin8.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-5 165584]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-29 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-29 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-29 267432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-5 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-20 40384]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-29 60936]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-20 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-20 40384]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

=============== Created Last 30 ================

2010-10-30 02:42:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-30 02:42:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-30 00:06:04 -------- d-----w- c:\docume~1\aeholt\applic~1\InfraRecorder

2010-10-30 00:05:46 -------- d-----w- c:\program files\InfraRecorder

2010-10-29 23:59:33 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx

2010-10-29 23:59:32 40960 ----a-w- c:\windows\system32\SSubTmr6.dll

2010-10-29 23:59:32 15360 ----a-w- c:\windows\system32\inetfr.DLL

2010-10-29 23:59:32 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL

2010-10-29 23:59:32 119568 ----a-w- c:\windows\system32\VB6FR.DLL

2010-10-29 23:59:32 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

2010-10-29 23:59:31 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL

2010-10-29 23:59:31 -------- d-----w- c:\program files\Free Easy Burner

2010-10-29 23:59:31 -------- d-----w- c:\docume~1\aeholt\applic~1\FreeBurner

2010-10-29 21:36:18 -------- d-----w- c:\docume~1\aeholt\applic~1\Avira

2010-10-29 21:26:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-29 21:26:00 -------- d-----w- c:\program files\Avira

2010-10-29 21:26:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-10-28 23:20:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-10-28 22:35:10 -------- d-----w- C:\VundoFix Backups

2010-10-28 21:44:15 50688 ---ha-w- c:\windows\atmadupd.dll

2010-10-28 19:57:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-27 02:18:27 -------- d-----w- c:\program files\common files\Symantec Shared

2010-10-27 02:12:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-10-27 02:12:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec

2010-10-27 02:12:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-10-24 19:53:06 -------- d-----w- c:\docume~1\aeholt\applic~1\Malwarebytes

2010-10-24 19:52:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-24 19:41:29 0 ----a-w- c:\windows\Azeqog.bin

2010-10-15 18:09:38 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-15 18:09:38 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-10-15 18:09:38 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-15 18:09:16 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2006-03-25 06:32:21 6715392 ----a-w- c:\program files\WindowsDefender.msi

2004-06-24 22:09:42 11134588 ----a-w- c:\program files\x-win540.exe

2004-06-17 20:37:12 356352 -c--a-w- c:\program files\putty.exe

============= FINISH: 23:20:24.73 ===============

Attach.zip

ark.zip


Welcome to MBAM :)

Scan with RKUnHooker

  • Please download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then Click Ok.
  • Wait till the scanner has finished then click File, Save Report.
  • Save the report to your Desktop. Click Close.

In your next reply, copy and paste the contents of the log.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!!

It is recommended to remove parasite, okay?"


Thanks, here's the report.

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2367488 bytes (ATI Technologies Inc. , ati3duag.dll)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF6D83000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1331200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xF6C01000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)

0xF6A9E000 C:\WINDOWS\system32\drivers\P17.sys 843776 bytes (Creative Technology Ltd., WDM Audio Miniport)

0xBF2F4000 C:\WINDOWS\System32\ativvaxx.dll 643072 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0xF6B6C000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)

0xF82B1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF4710000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF6950000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF4854000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xF1C22000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xF1D6A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xBF07D000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)

0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 212992 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xF69AE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF83F8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF1E9B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF8284000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF6A4E000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))

0xF4780000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF6A06000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)

0xF4806000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF46C7000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)

0xF83A2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xF482E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF11CF000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF6A7A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6D4B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF6D28000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF47E4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF6A2E000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))

0xF836A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF83C8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF826A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF2503000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)

0xF24EA000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)

0xF838A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF46AF000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF22CB000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)

0xF833E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF69EF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF11F3000 C:\DOCUME~1\aeholt\LOCALS~1\Temp\pxtdrpow.sys 94208 bytes

0xF251C000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)

0xF8355000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)

0xF20D6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6D6F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF48AD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF83E7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF69DE000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF85A7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF6EE8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF6F08000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF6F18000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)

0xF6ED8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF2283000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF86D7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF8567000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF6EC8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF8547000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF8677000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF8777000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF6EF8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF8537000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF8667000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF8707000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)

0xF8757000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)

0xF8527000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF86A7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF8697000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF8557000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF8767000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF6F28000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF8687000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF8727000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xF2046000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF8787000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)

0xF8717000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF892F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF883F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF891F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF8827000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF87A7000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF88EF000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)

0xF888F000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)

0xF87C7000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF87FF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF8927000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)

0xF8807000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF881F000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)

0xF8917000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF882F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF8877000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)

0xF8837000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF87AF000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF87EF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF87B7000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF87F7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF87E7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF88A7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF1ED4000 C:\WINDOWS\System32\drivers\aspi32.sys 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)

0xF8A17000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF89CB000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)

0xF79C7000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF2542000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF1DBB000 C:\WINDOWS\system32\drivers\PfModNT.sys 16384 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)

0xF25C3000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)

0xF25CF000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)

0xF8937000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF48E8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF8A0B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF89DF000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)

0xF8A0F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF8225000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF89EB000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF8A6B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF8A2B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xF8A31000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)

0xF8A83000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF8A69000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF8A27000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF8A43000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager


I know y'all are busy but I just want to make sure I didn't get forgotten :D

Is there anything else I should do?

Thanks!


Sorry for the delay.

Please download mbr.exe to your root drive (usually C:).

  • Go to Start > Run and type the following: mbr.exe


Never mind, figured out the link. Oh, and thanks so much for the quick response!

Avast blocked some trojans (it says) while OTL was running and said it moved them to the chest.

11/1/2010 10:42:49 PM C:\WINDOWS\trz3EC.tmp [L] Win32:Crypt-HXX [Trj] (0)

File was successfully moved to chest...

11/1/2010 10:45:17 PM C:\WINDOWS\trz540.tmp [L] Win32:Crypt-HXX [Trj] (0)

File was successfully moved to chest...

Here are the logs:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6L080M0 rev.BACE1G10 -> \Device\Ide\IdeDeviceP1T0L0-e

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

OTL logfile created on: 11/1/2010 10:38:45 PM - Run 1

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\aeholt\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 138.00 Mb Available Physical Memory | 27.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.79 Gb Total Space | 37.14 Gb Free Space | 53.22% Space Free | Partition Type: NTFS

Computer Name: ANNE | User Name: aeholt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 22:36:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aeholt\Desktop\OTL.exe

PRC - [2010/10/27 02:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

========== Modules (SafeList) ==========

MOD - [2010/11/01 22:36:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aeholt\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2005/06/21 10:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/11/27 01:10:39 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)

DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)

DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)

DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)

DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)

DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)

DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)

DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)

DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)

DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)

DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)

DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2004/07/20 01:41:48 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)

DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)

DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)

DRV - [2004/06/09 13:16:44 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)

DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)

DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)

DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

DRV - [2003/09/22 09:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2003/09/22 09:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2003/03/05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)

DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/30 04:03:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/18 21:26:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 18:20:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 18:19:37 | 000,000,000 | ---D | M]

[2010/10/29 18:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Extensions

[2010/10/29 18:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/11/01 20:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Firefox\Profiles\2f41l2jv.default\extensions

[2010/10/30 23:21:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Firefox\Profiles\2f41l2jv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/31 00:20:44 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Firefox\Profiles\2f41l2jv.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}

[2010/10/29 18:23:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Firefox\Profiles\2f41l2jv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/10/29 18:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/29 18:19:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/10/27 02:10:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/27 02:10:20 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/10/27 02:10:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/10/27 00:49:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/27 00:49:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/27 00:49:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/27 00:49:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/27 00:49:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/27 00:49:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/27 00:49:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/04/18 17:43:50 | 000,307,095 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost


O1 - Hosts: 10579 more lines...

O2 - BHO: () - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll ()

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)

O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.games.yahoo.com/games/web_...outLauncher.cab (SproutLauncherCtrl Class)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/peggle/si...ader_v10_en.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: netsnlpa - (C:\WINDOWS\atmadupd.dll) - C:\WINDOWS\atmadupd.dll File not found

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 22:36:56 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aeholt\Desktop\OTL.exe

[2010/11/01 16:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo

[2010/11/01 16:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Farmers Market

[2010/10/30 17:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aeholt\Desktop\files

[2010/10/29 22:42:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/29 22:42:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/29 22:41:39 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\aeholt\Desktop\mbam-setup.exe

[2010/10/29 20:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aeholt\Application Data\InfraRecorder

[2010/10/29 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder

[2010/10/29 19:59:33 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx

[2010/10/29 19:59:32 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL

[2010/10/29 19:59:32 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL

[2010/10/29 19:59:32 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL

[2010/10/29 19:59:32 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll

[2010/10/29 19:59:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL

[2010/10/29 19:59:31 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL

[2010/10/29 19:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aeholt\Application Data\FreeBurner

[2010/10/29 19:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy Burner

[2010/10/29 18:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/10/29 18:18:27 | 008,567,280 | ---- | C] (Mozilla) -- C:\Documents and Settings\aeholt\My Documents\Firefox Setup 3.6.12.exe

[2010/10/29 17:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/10/29 17:07:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\aeholt\Recent

[2010/10/28 19:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/10/28 18:35:10 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/10/28 15:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/26 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2010/10/26 22:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/10/26 22:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2010/10/26 22:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010/10/26 19:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/10/26 19:10:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/10/26 19:10:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/10/26 19:10:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/10/25 16:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/10/24 17:55:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/10/24 15:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aeholt\Application Data\Malwarebytes

[2010/10/24 15:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/15 14:09:38 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/10/15 14:09:38 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/10/15 14:09:38 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/10/15 14:09:16 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2006/01/01 00:50:18 | 011,134,588 | ---- | C] (StarNet Communications Corp. ) -- C:\Program Files\x-win540.exe

[2005/11/28 15:47:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/01 22:36:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aeholt\Desktop\OTL.exe

[2010/11/01 22:35:15 | 000,086,528 | ---- | M] () -- C:\mbr.exe

[2010/11/01 22:30:23 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\Shortcut to peacecraft.exe.lnk

[2010/11/01 21:25:44 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/01 16:53:00 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Farmers Market.lnk

[2010/11/01 16:48:22 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\aeholt\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk

[2010/11/01 16:48:22 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2010/10/30 23:23:29 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\RKUnhookerLE.EXE

[2010/10/30 17:02:10 | 000,094,065 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\jobs.zip

[2010/10/29 23:59:41 | 000,001,403 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\ark.zip

[2010/10/29 23:58:30 | 000,004,519 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\Attach.zip

[2010/10/29 23:26:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/29 23:26:55 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/29 23:17:42 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\0le7tgev.exe

[2010/10/29 23:00:17 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\dds.scr

[2010/10/29 22:56:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\aeholt\defogger_reenable

[2010/10/29 22:44:35 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\Defogger.exe

[2010/10/29 22:42:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/29 22:41:47 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\aeholt\Desktop\mbam-setup.exe

[2010/10/29 20:05:48 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk

[2010/10/29 20:05:27 | 003,702,731 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\ir051.exe

[2010/10/29 19:47:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/29 18:47:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/29 18:19:50 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\aeholt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/29 18:18:28 | 008,567,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\aeholt\My Documents\Firefox Setup 3.6.12.exe

[2010/10/29 18:03:47 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/29 17:32:17 | 079,970,304 | ---- | M] () -- C:\Documents and Settings\aeholt\My Documents\rescue_system-common-en.iso

[2010/10/29 16:38:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/10/28 20:11:24 | 000,000,292 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/10/27 22:27:48 | 001,650,236 | ---- | M] () -- C:\Documents and Settings\aeholt\My Documents\twhirl-0.9.4.air

[2010/10/27 22:27:00 | 002,458,937 | ---- | M] () -- C:\Documents and Settings\aeholt\My Documents\TweetDeck_0_35.3.air

[2010/10/27 02:18:32 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Fjotalolac.dat

[2010/10/27 02:18:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Azeqog.bin

[2010/10/15 14:29:06 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/07 12:35:25 | 000,445,410 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/07 12:35:25 | 000,072,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/01 22:35:15 | 000,086,528 | ---- | C] () -- C:\mbr.exe

[2010/11/01 22:30:23 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\Shortcut to peacecraft.exe.lnk

[2010/11/01 16:53:00 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Farmers Market.lnk

[2010/11/01 16:48:22 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\aeholt\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk

[2010/11/01 16:48:22 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2010/10/30 23:23:28 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\RKUnhookerLE.EXE

[2010/10/29 23:59:41 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\ark.zip

[2010/10/29 23:58:30 | 000,004,519 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\Attach.zip

[2010/10/29 23:17:41 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\0le7tgev.exe

[2010/10/29 23:00:17 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\dds.scr

[2010/10/29 22:56:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\aeholt\defogger_reenable

[2010/10/29 22:44:35 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\Defogger.exe

[2010/10/29 22:42:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/29 21:50:54 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/29 20:05:48 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk

[2010/10/29 20:05:17 | 003,702,731 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\ir051.exe

[2010/10/29 18:19:50 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\aeholt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/29 18:03:47 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/29 17:32:14 | 079,970,304 | ---- | C] () -- C:\Documents and Settings\aeholt\My Documents\rescue_system-common-en.iso

[2010/10/29 17:18:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/29 16:38:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/10/27 22:27:47 | 001,650,236 | ---- | C] () -- C:\Documents and Settings\aeholt\My Documents\twhirl-0.9.4.air

[2010/10/27 22:27:00 | 002,458,937 | ---- | C] () -- C:\Documents and Settings\aeholt\My Documents\TweetDeck_0_35.3.air

[2010/10/26 17:40:29 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/10/26 04:22:16 | 000,059,901 | ---- | C] () -- C:\Documents and Settings\aeholt\fic.txt

[2010/10/24 15:41:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fjotalolac.dat

[2010/10/24 15:41:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Azeqog.bin

[2010/10/20 02:34:30 | 000,003,100 | ---- | C] () -- C:\Documents and Settings\aeholt\_GEAREXT.WO_IDENT.TXT

[2006/03/25 02:32:12 | 006,715,392 | ---- | C] () -- C:\Program Files\WindowsDefender.msi

[2006/03/25 02:22:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006/01/29 13:06:23 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006/01/29 13:06:23 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006/01/14 18:01:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2006/01/14 18:01:21 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2006/01/14 18:01:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006/01/14 18:01:20 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll

[2006/01/14 18:01:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2006/01/07 20:23:16 | 000,002,593 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/01/01 23:58:41 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll

[2006/01/01 23:58:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll

[2006/01/01 23:58:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll

[2006/01/01 23:58:41 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll

[2006/01/01 23:25:35 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\aeholt\Local Settings\Application Data\DonationCoder_urlsnooper_InstallInfo.dat

[2006/01/01 22:59:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\ExtractAudio.INI

[2006/01/01 22:36:00 | 000,000,499 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/01/01 00:57:20 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\aeholt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/01/01 00:50:20 | 000,356,352 | ---- | C] () -- C:\Program Files\putty.exe

[2005/12/16 22:27:36 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2005/12/16 17:47:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/12/16 17:37:16 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\aeholt\Local Settings\Application Data\fusioncache.dat

[2005/11/28 16:26:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/11/28 16:17:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/11/28 16:11:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2005/11/28 15:47:56 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll

[2005/11/28 15:47:56 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll

[2005/11/28 15:47:56 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll

[2005/11/28 15:47:56 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll

[2005/11/28 15:47:56 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll

[2005/11/28 15:47:56 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll

[2005/11/28 15:47:56 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll

[2005/11/28 15:47:56 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll

[2005/11/28 15:47:56 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll

[2005/11/28 15:47:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll

[2005/11/28 15:47:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll

[2005/11/28 15:47:56 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll

[2005/11/28 15:47:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll

[2005/11/28 15:47:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll

[2005/11/28 15:47:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll

[2005/11/28 15:47:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll

[2005/11/28 15:47:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll

[2005/11/28 15:47:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll

[2005/11/28 15:47:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll

[2005/11/28 15:46:38 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2005/08/02 16:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini

[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2009/12/18 05:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Amazon

[2006/01/29 13:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\AVS Video Converter

[2010/05/02 22:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Barnes & Noble

[2006/10/17 19:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\BitTorrent

[2010/10/29 19:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\FreeBurner

[2010/08/19 00:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\GameInvest

[2010/10/29 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\InfraRecorder

[2010/09/27 15:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\IObit

[2008/02/06 22:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\iolo

[2006/01/02 03:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Leadertech

[2010/09/07 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Peace Craft

[2010/09/07 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\PeaceCraft2

[2010/04/08 00:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\PlayFirst

[2006/01/07 20:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Seven Zip

[2008/06/05 21:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\WinFF

[2010/02/20 19:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/06/27 19:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time

[2005/08/16 22:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream

[2010/11/01 16:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo

[2008/01/04 00:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse

[2010/03/12 22:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games

[2008/02/06 22:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2007/10/30 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2010/02/03 09:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks

[2010/06/28 05:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games

[2010/04/08 00:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010/06/24 02:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment

[2008/01/03 22:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2010/06/13 18:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2008/02/02 14:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/11/01 22:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2005/11/28 16:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/09/29 23:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/11 19:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/09/29 22:32:51 | 3302,369,862 | ---- | M] () -- C:\Addresses.zip

[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/03/31 01:41:08 | 000,000,209 | -HS- | M] () -- C:\boot.ini

[2005/08/16 06:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/01/29 19:24:55 | 000,020,366 | ---- | M] () -- C:\debug.log

[2005/11/28 15:51:42 | 000,006,219 | RH-- | M] () -- C:\dell.sdr

[2009/10/15 02:47:40 | 000,008,017 | ---- | M] () -- C:\dlcc.log

[2008/12/19 05:14:38 | 000,009,245 | ---- | M] () -- C:\dlccscan.log

[2010/10/29 23:26:55 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/29 22:39:20 | 879,189,923 | ---- | M] () -- C:\hidownload.zip

[2009/09/29 22:34:01 | 001,464,387 | ---- | M] () -- C:\house pictures.zip

[2005/12/16 18:45:35 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2005/11/28 16:15:40 | 000,000,831 | -H-- | M] () -- C:\IPH.PH

[2009/09/29 22:32:53 | 000,157,940 | ---- | M] () -- C:\Jobs.zip

[2006/01/01 23:57:33 | 000,000,493 | ---- | M] () -- C:\kustrm.txt

[2010/11/01 22:35:15 | 000,086,528 | ---- | M] () -- C:\mbr.exe

[2010/11/01 22:36:16 | 000,000,285 | ---- | M] () -- C:\mbr.log

[2008/06/05 18:34:41 | 000,035,578 | ---- | M] () -- C:\MP4debug.log

[2005/08/16 06:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/17 15:48:34 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/11/01 01:17:08 | 869,306,368 | -HS- | M] () -- C:\pagefile.sys

[2008/05/17 01:31:46 | 000,000,996 | ---- | M] () -- C:\playground.log

[2010/05/20 11:09:37 | 000,144,178 | ---- | M] () -- C:\regoffice.reg

[2010/10/28 15:54:33 | 000,000,397 | ---- | M] () -- C:\rkill.log

[2005/12/30 19:15:38 | 002,865,344 | ---- | M] () -- C:\Shockwave_Installer_Slim.exe

[2006/01/02 02:59:29 | 000,392,179 | ---- | M] () -- C:\smartripper_241.zip

[2006/08/29 22:10:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2006/09/16 14:39:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2006/08/29 22:10:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2006/09/16 14:39:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

[2005/11/28 16:15:51 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

[2006/01/01 23:23:42 | 001,612,288 | ---- | M] () -- C:\URLSnooper.exe

[2006/01/01 22:50:44 | 000,964,447 | ---- | M] (GeoVid ) -- C:\video-mp3-extractor.exe

[2010/10/28 18:56:59 | 000,000,137 | ---- | M] () -- C:\VundoFix.txt

[2006/01/01 22:54:01 | 000,459,024 | ---- | M] (Microsoft


Lol, oh I didn't realize we'd fixed anything yet. I just checked in IE and it doesn't seem to be redirecting anymore, and I haven't noticed Firefox hanging.

Avast did put another trojan in the chest this morning (11/02) and again just now. It's this trzXXX.tmp file (the numbers have been different each time). Is that something we installed with OTL or anything? Because Avast keeps moving it to the chest.

11/1/2010 10:42:49 PM C:\WINDOWS\trz3EC.tmp [L] Win32:Crypt-HXX [Trj] (0)

File was successfully moved to chest...

11/1/2010 10:45:17 PM C:\WINDOWS\trz540.tmp [L] Win32:Crypt-HXX [Trj] (0)

File was successfully moved to chest...

11/3/2010 12:52:29 AM C:\WINDOWS\trz68C.tmp [L] Win32:Crypt-HXX [Trj] (0)

File was successfully moved to chest...


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :commands
    [emptytemp]
    [emptyflash]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

=======================================

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


My computer had trouble with the online scan, especially in Firefox. It crashed 3 times, so I finally ran it in IE.

OTL logfile created on: 11/3/2010 6:59:35 PM - Run 2

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\aeholt\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 21.00 Mb Available Physical Memory | 4.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.79 Gb Total Space | 37.53 Gb Free Space | 53.78% Space Free | Partition Type: NTFS

Computer Name: ANNE | User Name: aeholt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 22:36:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aeholt\Desktop\OTL.exe

PRC - [2010/10/27 02:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/10/27 02:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

PRC - [2008/01/17 19:01:28 | 000,377,120 | ---- | M] () -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd.exe

PRC - [2007/09/06 14:16:20 | 000,007,168 | ---- | M] () -- C:\Program Files\Dell Support Center\HWDiag\bin\PcdrEngine.exe

PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

========== Modules (SafeList) ==========

MOD - [2010/11/01 22:36:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aeholt\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2005/06/21 10:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/11/27 01:10:39 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)

DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)

DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)

DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)

DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)

DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)

DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)

DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)

DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)

DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)

DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)

DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2004/07/20 01:41:48 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)

DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)

DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)

DRV - [2004/06/09 13:16:44 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)

DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)

DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)

DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

DRV - [2003/09/22 09:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2003/09/22 09:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2003/03/05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)

DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 18:20:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 18:19:37 | 000,000,000 | ---D | M]

[2010/10/29 18:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Extensions

[2010/11/02 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Firefox\Profiles\2f41l2jv.default\extensions

[2010/10/30 23:21:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Firefox\Profiles\2f41l2jv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/31 00:20:44 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Firefox\Profiles\2f41l2jv.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}

[2010/10/29 18:23:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\aeholt\Application Data\Mozilla\Firefox\Profiles\2f41l2jv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/10/29 18:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/04/18 17:43:50 | 000,307,095 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 10579 more lines...

O2 - BHO: () - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll ()

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.games.yahoo.com/games/web_...outLauncher.cab (SproutLauncherCtrl Class)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/peggle/si...ader_v10_en.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: netsnlpa - (C:\WINDOWS\atmadupd.dll) - C:\WINDOWS\atmadupd.dll File not found

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 18:51:28 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/01 22:36:56 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aeholt\Desktop\OTL.exe

[2010/11/01 16:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fugazo

[2010/11/01 16:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Farmers Market

[2010/10/30 17:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aeholt\Desktop\files

[2010/10/29 22:42:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/29 22:42:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/29 22:41:39 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\aeholt\Desktop\mbam-setup.exe

[2010/10/29 20:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aeholt\Application Data\InfraRecorder

[2010/10/29 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder

[2010/10/29 19:59:33 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx

[2010/10/29 19:59:32 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll

[2010/10/29 19:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aeholt\Application Data\FreeBurner

[2010/10/29 19:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy Burner

[2010/10/29 18:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/10/29 17:07:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\aeholt\Recent

[2010/10/28 19:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/10/28 18:35:10 | 000,000,000 | ---D | C] -- C:\VundoFix Backups

[2010/10/28 15:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/26 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2010/10/26 22:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/10/26 22:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2010/10/26 22:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010/10/26 19:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/10/25 16:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/10/24 17:55:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/10/24 15:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\aeholt\Application Data\Malwarebytes

[2010/10/24 15:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2006/01/01 00:50:18 | 011,134,588 | ---- | C] (StarNet Communications Corp. ) -- C:\Program Files\x-win540.exe

[2005/11/28 15:47:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2010/11/03 18:55:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/03 18:54:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/03 18:54:22 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/03 01:18:26 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\aeholt\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk

[2010/11/02 00:26:41 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/11/01 22:36:56 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aeholt\Desktop\OTL.exe

[2010/11/01 22:35:15 | 000,086,528 | ---- | M] () -- C:\mbr.exe

[2010/11/01 22:30:23 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\Shortcut to peacecraft.exe.lnk

[2010/11/01 16:53:00 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Farmers Market.lnk

[2010/11/01 16:48:22 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2010/10/30 23:23:29 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\RKUnhookerLE.EXE

[2010/10/30 17:02:10 | 000,094,065 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\jobs.zip

[2010/10/29 23:59:41 | 000,001,403 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\ark.zip

[2010/10/29 23:58:30 | 000,004,519 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\Attach.zip

[2010/10/29 23:17:42 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\0le7tgev.exe

[2010/10/29 23:00:17 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\dds.scr

[2010/10/29 22:56:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\aeholt\defogger_reenable

[2010/10/29 22:44:35 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\Defogger.exe

[2010/10/29 22:42:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/29 22:41:47 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\aeholt\Desktop\mbam-setup.exe

[2010/10/29 20:05:48 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk

[2010/10/29 20:05:27 | 003,702,731 | ---- | M] () -- C:\Documents and Settings\aeholt\Desktop\ir051.exe

[2010/10/29 18:47:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/29 18:19:50 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\aeholt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/29 18:03:47 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/29 17:32:17 | 079,970,304 | ---- | M] () -- C:\Documents and Settings\aeholt\My Documents\rescue_system-common-en.iso

[2010/10/29 16:38:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/10/28 20:11:24 | 000,000,292 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/10/27 22:27:48 | 001,650,236 | ---- | M] () -- C:\Documents and Settings\aeholt\My Documents\twhirl-0.9.4.air

[2010/10/27 22:27:00 | 002,458,937 | ---- | M] () -- C:\Documents and Settings\aeholt\My Documents\TweetDeck_0_35.3.air

[2010/10/27 02:18:32 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Fjotalolac.dat

[2010/10/27 02:18:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Azeqog.bin

[2010/10/15 14:29:06 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/07 12:35:25 | 000,445,410 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/07 12:35:25 | 000,072,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/11/03 01:18:26 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\aeholt\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk

[2010/11/01 22:35:15 | 000,086,528 | ---- | C] () -- C:\mbr.exe

[2010/11/01 22:30:23 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\Shortcut to peacecraft.exe.lnk

[2010/11/01 16:53:00 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Farmers Market.lnk

[2010/11/01 16:48:22 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk

[2010/10/30 23:23:28 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\RKUnhookerLE.EXE

[2010/10/29 23:59:41 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\ark.zip

[2010/10/29 23:58:30 | 000,004,519 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\Attach.zip

[2010/10/29 23:17:41 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\0le7tgev.exe

[2010/10/29 23:00:17 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\dds.scr

[2010/10/29 22:56:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\aeholt\defogger_reenable

[2010/10/29 22:44:35 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\Defogger.exe

[2010/10/29 22:42:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/29 21:50:54 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/29 20:05:48 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk

[2010/10/29 20:05:17 | 003,702,731 | ---- | C] () -- C:\Documents and Settings\aeholt\Desktop\ir051.exe

[2010/10/29 18:19:50 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\aeholt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/10/29 18:03:47 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/29 17:32:14 | 079,970,304 | ---- | C] () -- C:\Documents and Settings\aeholt\My Documents\rescue_system-common-en.iso

[2010/10/29 17:18:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/29 16:38:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/10/27 22:27:47 | 001,650,236 | ---- | C] () -- C:\Documents and Settings\aeholt\My Documents\twhirl-0.9.4.air

[2010/10/27 22:27:00 | 002,458,937 | ---- | C] () -- C:\Documents and Settings\aeholt\My Documents\TweetDeck_0_35.3.air

[2010/10/26 17:40:29 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/10/26 04:22:16 | 000,059,901 | ---- | C] () -- C:\Documents and Settings\aeholt\fic.txt

[2010/10/24 15:41:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Fjotalolac.dat

[2010/10/24 15:41:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Azeqog.bin

[2010/10/20 02:34:30 | 000,003,100 | ---- | C] () -- C:\Documents and Settings\aeholt\_GEAREXT.WO_IDENT.TXT

[2006/03/25 02:32:12 | 006,715,392 | ---- | C] () -- C:\Program Files\WindowsDefender.msi

[2006/03/25 02:22:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006/01/29 13:06:23 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006/01/29 13:06:23 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006/01/14 18:01:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2006/01/14 18:01:21 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2006/01/14 18:01:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006/01/14 18:01:20 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll

[2006/01/14 18:01:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2006/01/07 20:23:16 | 000,002,593 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/01/01 23:58:41 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll

[2006/01/01 23:58:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll

[2006/01/01 23:58:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll

[2006/01/01 23:58:41 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll

[2006/01/01 23:25:35 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\aeholt\Local Settings\Application Data\DonationCoder_urlsnooper_InstallInfo.dat

[2006/01/01 22:59:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\ExtractAudio.INI

[2006/01/01 22:36:00 | 000,000,499 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006/01/01 00:57:20 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\aeholt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/01/01 00:50:20 | 000,356,352 | ---- | C] () -- C:\Program Files\putty.exe

[2005/12/16 22:27:36 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2005/12/16 17:47:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/12/16 17:37:16 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\aeholt\Local Settings\Application Data\fusioncache.dat

[2005/11/28 16:26:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/11/28 16:17:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/11/28 16:11:52 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2005/11/28 15:47:56 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll

[2005/11/28 15:47:56 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll

[2005/11/28 15:47:56 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll

[2005/11/28 15:47:56 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll

[2005/11/28 15:47:56 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll

[2005/11/28 15:47:56 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll

[2005/11/28 15:47:56 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll

[2005/11/28 15:47:56 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll

[2005/11/28 15:47:56 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll

[2005/11/28 15:47:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll

[2005/11/28 15:47:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll

[2005/11/28 15:47:56 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll

[2005/11/28 15:47:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll

[2005/11/28 15:47:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll

[2005/11/28 15:47:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll

[2005/11/28 15:47:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll

[2005/11/28 15:47:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll

[2005/11/28 15:47:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll

[2005/11/28 15:47:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll

[2005/11/28 15:46:38 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/08/16 06:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/16 06:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2005/08/02 16:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini

[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2009/12/18 05:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Amazon

[2006/01/29 13:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\AVS Video Converter

[2010/05/02 22:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Barnes & Noble

[2006/10/17 19:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\BitTorrent

[2010/10/29 19:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\FreeBurner

[2010/08/19 00:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\GameInvest

[2010/10/29 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\InfraRecorder

[2010/09/27 15:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\IObit

[2008/02/06 22:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\iolo

[2006/01/02 03:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Leadertech

[2010/09/07 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Peace Craft

[2010/09/07 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\PeaceCraft2

[2010/04/08 00:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\PlayFirst

[2006/01/07 20:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\Seven Zip

[2008/06/05 21:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aeholt\Application Data\WinFF

[2010/02/20 19:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/06/27 19:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time

[2005/08/16 22:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream

[2010/11/01 16:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo

[2008/01/04 00:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse

[2010/03/12 22:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games

[2008/02/06 22:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2007/10/30 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2010/02/03 09:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks

[2010/06/28 05:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games

[2010/04/08 00:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010/06/24 02:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment

[2008/01/03 22:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2010/06/13 18:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2008/02/02 14:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/11/03 16:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2005/11/28 16:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/09/29 23:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/11 19:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 242 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FF076E

@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9

@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8

@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18D4E3

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D03192E

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E9C9E8F

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFC41B39

< End of report >

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Thursday, November 4, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, November 04, 2010 00:36:06

Records in database: 4209675

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Objects scanned: 80996

Threats found: 1

Infected objects found: 2

Suspicious objects found: 0

Scan duration: 05:37:15

File name / Threat / Threats count

C:\Documents and Settings\aeholt\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{26A88FD5-97B6-4D1A-BAF0-A1B5A5A6EBEF} Infected: Trojan.Win32.Qhost.mcf 1

C:\WINDOWS\system32\drivers\etc\hosts.20090418-174350.backup Infected: Trojan.Win32.Qhost.mcf 1

Selected area has been scanned.


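The Kaspersky result above flagged a backup copy of the hosts file as Trojan.Win32.Qhost.mcf. That family works by rewriting the Windows hosts file so that search-engine or vendor names resolve to an address the attacker chose, which is one way the click-through redirects reported at the top of this thread can happen, and it can also sinkhole a vendor's update host so the scanner never updates. As an added example, written for this page and not taken from the thread or from OTL, Kaspersky or any other tool named here, the Python check below parses a hosts file and reports every watched domain that is either redirected to a non-loopback address or pinned to loopback. The hosts content, the watched-domain list and the 192.0.2.10 address are constructed for illustration.

```python
"""Flag hosts-file entries of the kind Qhost-style malware plants.

Added example; the sample hosts content and the watched-domain list are
constructed, not taken from the forum thread. Reads the file text, ignores
comments, and reports watched names that are redirected (non-loopback
address) or sinkholed (loopback / unspecified address).
"""
import ipaddress
from typing import List, Tuple

# Constructed list: names a normal hosts file never needs to touch.
WATCHED_DOMAINS = (
    "google.com",
    "bing.com",
    "yahoo.com",
    "microsoft.com",
    "windowsupdate.com",
    "malwarebytes.org",
    "avast.com",
)

# Constructed sample in the layout of a Windows hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com google.com   # constructed: search redirect
127.0.0.1       www.malwarebytes.org        # constructed: update sinkhole
127.0.0.1       ad.example.net              # user ad-block entry, not flagged
"""


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, address, hostname) for every mapping in the file.

    A single line may map several names to one address, so one line can
    yield several tuples. Comments and blank lines are skipped.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line, nothing to map
        address = parts[0]
        for host in parts[1:]:
            entries.append((line_no, address, host.lower()))
    return entries


def is_local_address(address: str) -> bool:
    """True for loopback (127.x, ::1) or unspecified (0.0.0.0, ::)."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return False  # not an IP literal; treat as a real destination
    return addr.is_loopback or addr.is_unspecified


def is_watched(host: str) -> bool:
    """Match the domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def suspicious_entries(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, address, hostname, reason) for each suspect mapping."""
    findings = []
    for line_no, address, host in parse_hosts(text):
        if not is_watched(host):
            continue
        if is_local_address(address):
            reason = "sinkholes a watched domain (blocks updates/support)"
        else:
            reason = "redirects a watched domain to a non-loopback address"
        findings.append((line_no, address, host, reason))
    return findings


if __name__ == "__main__":
    for line_no, address, host, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {address} -> {host}: {reason}")
```

On a live machine the same function can be pointed at `%SystemRoot%\system32\drivers\etc\hosts` and at any `.backup` copy found beside it, as in the Kaspersky hit above, to see what the backup would restore. A hit on a search engine explains redirects; a loopback mapping of a vendor domain explains a scanner that silently stops updating.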
Seems okay. No redirects or ramping CPU and avast hasn't found anything since the one at 11/3/2010 12:52:29 AM


Open OTL.exe and click on the Cleanup button and reboot if needed.


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".

2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

3. Then go to Start > Run and type: Cleanmgr

4. Click "OK".

5. Click the "More Options" Tab.

6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.

How to Create a Restore Point.

How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:

  1. The most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update

I set the new restore point and deleted the old ones.

I've been shutting off automatic updates just while I'm using the computer because svchost.exe and wuauclt.exe will ramp up really high in Task Manager and my programs hang. I turn it back on when I'm finished for the day.

Other than your hardware being pretty old, increasing the RAM would help a little.

Yeah, it's on the list, lol.

Thanks so much for your help. Am I good to go now?
