TechSpot

Help remove rootkit virus identified by Malwarebytes

Solved
By pachi
Nov 30, 2010
  1. pachi

    pachi TS Rookie Topic Starter Posts: 46

    on it right now
     
  2. Broni

    Broni Malware Annihilator Posts: 48,024   +271

    OK..................
     
  3. pachi

    pachi TS Rookie Topic Starter Posts: 46

    OTL logfile created on: 12/12/2010 7:00:18 PM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 35.27 Gb Free Space | 47.34% Space Free | Partition Type: NTFS
    Drive D: | 7.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: COMPUTER | User Name: administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/10 22:55:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2008/06/05 10:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2006/09/27 20:33:44 | 000,076,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPDN_LU.exe
    PRC - [2006/09/27 20:33:42 | 000,280,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPC32.exe
    PRC - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
    PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2006/03/03 21:03:22 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe
    PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2005/10/27 12:15:52 | 000,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    PRC - [2004/08/26 16:35:38 | 000,439,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngctw32.exe
    PRC - [2004/07/23 00:46:42 | 000,017,408 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    PRC - [2004/07/23 00:44:32 | 000,040,960 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
    PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    PRC - [2003/03/05 13:49:00 | 000,335,872 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\WinVNC\winvnc.exe
    PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/12/10 22:55:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2004/07/23 00:41:12 | 000,184,320 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger Plus 3.3\J2GPfcW.dll
    MOD - [2004/07/23 00:33:48 | 000,545,280 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger Plus 3.3\J2GRes_Enu.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2008/05/20 04:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
    SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2004/08/26 16:35:38 | 000,439,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGClient)
    SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
    SRV - [2003/03/05 13:49:00 | 000,335,872 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\WinVNC\WinVNC.exe -- (winvnc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\kbstuff5.sys -- (kbstuff)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\idisw2km.sys -- (idisw2km)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/12/11 02:00:00 | 001,360,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101211.006\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/11 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101211.006\NAVENG.SYS -- (NAVENG)
    DRV - [2010/07/15 13:50:36 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/15 13:50:36 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2008/05/20 04:00:00 | 000,023,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/08 17:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
    DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/12/17 17:23:04 | 000,005,248 | --S- | M] (ACE CAD Enterprise Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DigimHID.SYS -- (DigimHID)
    DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/02/02 01:15:14 | 000,196,409 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0060Vid.sys -- (V0060VID)
    DRV - [2004/08/26 16:04:08 | 000,198,720 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ghpcw2k.sys -- (GhPostConfig_Auto)
    DRV - [2004/08/26 16:04:08 | 000,198,720 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\ghpcw2k.sys -- (GhPostConfig)
    DRV - [2004/08/26 16:03:58 | 000,006,496 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\ghmon.sys -- (GhMon)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2001/08/17 12:49:42 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 15 06 34 65 97 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Search"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.496
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.fresh-search.net/?sid=10101069100&s="
    FF - prefs.js..network.proxy.no_proxies_on: ""

    FF - user.js..browser.search.order.1: "Search"
    FF - user.js..keyword.URL: "http://search.fresh-search.net/?sid=10101069100&s="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/28 22:47:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/02 21:59:40 | 000,000,000 | ---D | M]

    [2009/04/21 09:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/12/07 18:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ag21vps.default\extensions
    [2010/07/27 19:36:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ag21vps.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/22 16:48:08 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ag21vps.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/01/22 16:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ag21vps.default\extensions\LogMeInClient@logmein.com
    [2010/12/07 18:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/02 21:59:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/13 22:17:21 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
    [2010/09/13 22:17:21 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
    [2010/09/13 22:17:32 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
    [2009/04/23 11:04:23 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
    [2010/09/13 22:17:20 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
    [2010/12/02 21:59:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/03/21 12:25:19 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
    [2010/11/08 04:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

    O1 HOSTS File: ([2010/12/06 22:47:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VF0060 STISvc] C:\WINDOWS\System32\V0060Pin.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [WinVNC] C:\Program Files\RealVNC\WinVNC\WinVNC.exe (RealVNC Ltd.)
    O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe (j2 Global Communications, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: ccsend.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: constantcontact.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: ic.aiall ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: icrossing.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: icrossing.net ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: projectorpsa.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: proxicom.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: prxm.corp ([]* in Trusted sites)
    O15 - HKLM\..Trusted Domains: zendesk.com ([]* in Trusted sites)
    O15 - HKLM\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/68.08/uploader2.cab (UploadListView Class)
    O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} http://192.168.10.140/img/NetCamPlayerWeb11g.ocx (NetCamPlayerWeb11g Control)
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264198550417 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264199414715 (MUWebControl Class)
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://192.168.15.253:8080/bl_camera.cab (Bl_camera Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://compuwaremc.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18 - Protocol\Handler\ezstor {6344A3A0-96A7-11D4-88CC-000000000000} - C:\WINDOWS\system32\viewers\ezspp.dll (EzTools Software)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/10/25 09:25:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/06/14 23:25:54 | 000,000,029 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [2006/06/14 23:25:44 | 000,000,029 | R--- | M] () - D:\AUTORUN.INI -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/11 13:05:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2010/12/10 22:54:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/12/08 23:27:10 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/12/08 22:10:52 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/12/04 14:20:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/04 14:20:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/04 14:20:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/04 14:20:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/04 14:19:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/02 21:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/12/02 11:18:57 | 000,000,000 | ---D | C] -- C:\HouseBeautiful
    [2010/12/02 11:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
    [2010/12/02 10:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
    [2010/12/02 10:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
    [2010/11/30 20:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/11/30 19:01:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/30 18:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/30 18:13:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/11/25 01:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2010/11/20 14:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
    [2010/11/17 20:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/11/14 19:31:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/11/13 19:08:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2010/11/13 16:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/11/13 16:57:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/13 16:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/13 16:57:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/13 16:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/13 12:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mJiBo02042
    [2010/11/13 12:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
    [2010/11/13 11:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/11/13 11:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/11/13 10:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/11/13 10:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

    ========== Files - Modified Within 30 Days ==========

    [2010/12/12 18:51:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/12 09:51:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/11 11:35:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/10 22:55:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/12/10 17:44:30 | 000,000,454 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
    [2010/12/10 17:42:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/10 17:40:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/10 17:40:06 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/08 23:24:07 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
    [2010/12/08 21:34:37 | 003,987,017 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/12/06 22:47:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/05 09:14:46 | 000,466,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/05 09:14:46 | 000,079,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/02 21:47:26 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2010/12/02 21:31:22 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/12/02 20:54:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/12/02 11:14:57 | 467,558,392 | ---- | M] () -- C:\HouseBeautiful.zip
    [2010/12/02 10:55:47 | 000,007,155 | ---- | M] () -- C:\Wildcard_In_House_Distribution.mobileprovision
    [2010/12/01 10:22:04 | 000,015,742 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Payment Confirmation - StateFarm_com.htm
    [2010/11/30 20:43:29 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
    [2010/11/30 19:36:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Txamirit.dat
    [2010/11/30 19:02:08 | 000,000,420 | RHS- | M] () -- C:\boot.ini
    [2010/11/30 18:13:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/11/30 18:13:08 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\JavaRa.zip
    [2010/11/30 18:11:41 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/13 19:08:55 | 000,000,184 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/11/13 16:57:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 14:00:36 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\install

    ========== Files Created - No Company Name ==========

    [2010/12/08 23:24:03 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
    [2010/12/04 14:20:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/04 14:20:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/04 14:20:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/04 14:20:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/04 14:20:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/04 12:58:58 | 003,987,017 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/12/02 21:47:26 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2010/12/02 21:31:13 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/12/02 10:55:46 | 000,007,155 | ---- | C] () -- C:\Wildcard_In_House_Distribution.mobileprovision
    [2010/12/02 10:55:19 | 467,558,392 | ---- | C] () -- C:\HouseBeautiful.zip
    [2010/12/01 10:22:04 | 000,015,742 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Payment Confirmation - StateFarm_com.htm
    [2010/11/30 20:43:29 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
    [2010/11/30 19:02:08 | 000,000,304 | ---- | C] () -- C:\Boot.bak
    [2010/11/30 19:02:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/30 18:13:06 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\JavaRa.zip
    [2010/11/30 18:11:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/11/26 16:43:49 | 001,209,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IMG_5316.JPG
    [2010/11/24 19:00:35 | 3210,891,264 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/20 09:11:36 | 000,005,588 | R--- | C] () -- C:\WINDOWS\VF0060.uns
    [2010/11/13 19:08:55 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/11/13 16:57:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 14:00:36 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\install
    [2010/11/13 12:25:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Txamirit.dat
    [2010/09/14 19:34:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Project Templates
    [2010/09/14 19:34:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Printers
    [2010/09/14 19:34:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
    [2010/09/14 19:34:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Quartz Composer
    [2010/09/14 19:34:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\PrintingModule
    [2010/09/14 19:33:56 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/12 21:22:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
    [2010/09/12 21:07:39 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
    [2010/09/12 20:56:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Synthesizers
    [2010/09/12 20:56:37 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Horns
    [2010/09/12 20:56:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    [2010/09/12 20:54:01 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Chords
    [2010/09/12 20:54:01 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Administrator\Application Data\HomePageService
    [2010/09/12 20:54:01 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2010/08/28 23:59:56 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/02 12:35:55 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2010/08/02 12:03:57 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2010/08/02 12:03:38 | 000,000,688 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2010/08/02 11:58:41 | 000,011,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/08/02 11:42:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2010/02/10 10:58:39 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/09/11 08:39:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2008/09/08 07:36:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\ricdb.ini
    [2008/08/27 15:14:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
    [2008/07/16 14:43:31 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/01/31 09:40:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS\ftcun2k.ini
    [2007/01/31 09:40:47 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
    [2007/01/31 09:40:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftcun2k.ini
    [2007/01/31 09:40:46 | 000,000,090 | ---- | C] () -- C:\WINDOWS\ftdiun2k.ini
    [2007/01/31 09:40:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
    [2006/10/27 08:32:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
    [2006/10/27 08:32:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
    [2006/06/09 13:44:22 | 000,000,454 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
    [2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2004/12/01 08:32:24 | 000,000,110 | ---- | C] () -- C:\WINDOWS\fiery.ini
    [2004/12/01 08:26:58 | 000,000,095 | ---- | C] () -- C:\WINDOWS\TOCR.ini
    [2004/12/01 07:49:42 | 000,000,278 | ---- | C] () -- C:\WINDOWS\efinl.ini
    [2004/11/05 11:01:25 | 000,000,074 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
    [2004/11/02 14:03:03 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
    [2004/11/02 14:03:03 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
    [2004/11/02 13:58:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
    [2004/10/25 08:02:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/10/22 11:13:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/04/19 11:11:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BarracudaAddin.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/11/13 12:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.purple
    [2009/04/20 15:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
    [2010/12/02 10:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
    [2009/04/20 15:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\j2 Global
    [2010/08/29 14:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
    [2010/09/14 19:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
    [2010/10/21 11:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
    [2010/01/22 17:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2010/11/02 22:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2006/12/01 11:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
    [2005/10/27 12:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
    [2007/01/02 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DesktopStandard
    [2010/09/14 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/09/14 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Filter
    [2010/09/14 19:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Folder Actions
    [2007/03/14 09:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Homestead
    [2005/10/27 10:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2004/11/05 11:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\j2 Global
    [2010/08/20 18:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2010/11/15 21:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mJiBo02042
    [2005/03/15 07:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
    [2010/09/12 20:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2007/12/28 07:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    [2010/09/12 20:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pick Bass
    [2010/09/12 20:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintingModule
    [2010/09/14 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2007/02/07 05:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/11/15 21:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
    [2008/09/11 07:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zulohwlw
    [2010/08/15 19:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
     
  4. pachi

    pachi TS Rookie Topic Starter Posts: 46

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/10/25 09:25:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/12/10 17:39:36 | 000,001,010 | ---- | M] () -- C:\avenger.txt
    [2008/09/11 08:02:18 | 000,000,304 | ---- | M] () -- C:\Boot.bak
    [2010/11/30 19:02:08 | 000,000,420 | RHS- | M] () -- C:\boot.ini
    [2010/10/15 09:51:30 | 000,052,717 | ---- | M] () -- C:\Bug_report_1015.htm
    [2010/10/15 09:57:24 | 000,027,648 | ---- | M] () -- C:\Bug_report_1015.xls
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/08 22:24:23 | 000,025,075 | ---- | M] () -- C:\ComboFix.txt
    [2004/10/25 09:25:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/10/10 09:44:29 | 004,945,660 | ---- | M] () -- C:\efax.zip
    [2004/10/25 10:16:58 | 000,004,096 | -H-- | M] () -- C:\gvpcfg.bin
    [2010/12/10 17:40:06 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/02 11:14:57 | 467,558,392 | ---- | M] () -- C:\HouseBeautiful.zip
    [2004/10/25 09:25:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/12/02 21:52:49 | 000,013,607 | ---- | M] () -- C:\JavaRa.log
    [2010/08/02 12:39:01 | 000,000,895 | ---- | M] () -- C:\mombi.log
    [2004/10/25 09:25:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/10/25 09:08:25 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/27 09:22:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/10 17:40:04 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2004/10/25 10:16:58 | 025,165,824 | ---- | M] () -- C:\VIRTPART.DAT
    [2010/12/02 10:55:47 | 000,007,155 | ---- | M] () -- C:\Wildcard_In_House_Distribution.mobileprovision

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 03:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2004/10/25 09:24:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/27 08:32:00 | 000,070,144 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DKAAY54C.DLL
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/10/22 11:11:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/10/22 11:11:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/10/22 11:11:52 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/07/27 09:44:51 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/10/30 14:20:09 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/10/25 09:32:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/07/31 23:56:51 | 531,598,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AiO_071_000_201_000_CDA_Default-Full_Network_AmericasEuro1_NB.exe
    [2008/05/30 23:09:46 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avenger.exe
    [2010/12/08 21:34:37 | 003,987,017 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/30 18:11:41 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/12/10 22:55:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/10/10 08:42:26 | 010,917,368 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\picasa38-setup.exe
    [2010/09/12 20:53:46 | 046,424,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\S-CNX2__-224WF-NSAEN-32BIT_.exe
    [2010/09/12 20:53:26 | 070,739,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\S-VNX2__-201WF-NSAEN-32BIT_.exe
    [2010/11/30 18:13:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >
    [2008/06/23 14:15:19 | 000,000,008 | ---- | M] () -- C:\WINDOWS\java\pord.wed

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/08/09 19:02:06 | 000,641,473 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Administrator\My Documents\JavaRa.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2004/03/23 13:52:00 | 000,025,316 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\FTCSENUM.SYS
    [2004/03/23 19:36:00 | 000,056,031 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\FTCSER2K.SYS
    [2004/03/31 12:34:00 | 000,043,058 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\FTCUSB.SYS
    [2004/06/11 20:15:44 | 000,010,498 | ---- | M] () -- C:\WINDOWS\Driver Cache\ftdibus.cat
    [2004/04/20 11:04:56 | 000,024,209 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\ftdibus.sys
    [2004/06/11 20:16:12 | 000,010,504 | ---- | M] () -- C:\WINDOWS\Driver Cache\ftdiport.cat
    [2004/04/20 11:05:10 | 000,057,404 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\Driver Cache\ftser2k.sys
    [2005/03/09 15:50:20 | 000,033,792 | ---- | M] () -- C:\WINDOWS\Driver Cache\libusb0.sys
    [2006/05/16 18:55:18 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Driver Cache\usbser.sys

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/10/30 14:20:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/08/11 18:26:53 | 000,002,000 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/12 14:45:41 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/07/16 09:26:44 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/07/16 09:32:59 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/07/16 09:33:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/07/16 09:34:32 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
     
  5. pachi

    pachi TS Rookie Topic Starter Posts: 46

    Yesterday's Extras.txt log file.

    OTL Extras logfile created on: 12/10/2010 10:59:59 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 35.86 Gb Free Space | 48.13% Space Free | Partition Type: NTFS
    Drive D: | 7.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: COMPUTER | User Name: administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "59152:UDP" = 59152:UDP:*:Enabled:SonicWALL Compliance 59152
    "59153:UDP" = 59153:UDP:*:Enabled:SonicWALL Compliance 59153
    "1234:TCP" = 1234:TCP:LocalSubNet:Enabled:mediahandler

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec\Ghost\ngctw32.exe" = C:\Program Files\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Win32 Client Agent -- (Symantec Corporation)
    "C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Psi\psi.exe" = C:\Psi\psi.exe:*:Disabled:psi -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec\Ghost\ngctw32.exe" = C:\Program Files\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Win32 Client Agent -- (Symantec Corporation)
    "C:\Program Files\AIM95\aim.exe" = C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{2b02f834-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Professional Services Edition 2004
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{2FE11D22-D877-4700-08C1-89A1B9B00045}" = Symantec Ghost Console Client
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
    "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{50EF6812-7B51-4459-A52D-B4776DAAA415}" = ACECAD DigiMemo Manager
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54D0CC3E-A83A-475A-83EE-E9AF8AFB9538}" = WebEx Meeting Manager for Mozilla Firefox/Netscape Navigator
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67C8FF73-8A8D-45EB-9F46-AD2B3BCF0762}" = Nokia Dicas Codecs
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7723A0B8-23A2-454B-8831-99965558AECD}" = Documents To Go
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A5FCC3DE-56BD-48b2-8054-4BBE70BE186B}" = eFax Messenger Plus 3.3
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
    "{D002159B-91CD-48E5-96D1-C476BA3DECB3}" = 3100_3200_3300_Help
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D3227BD6-7D66-4B96-BA01-C21FB1F2224D}" = 3100_3200_3300trb
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{E1D94FAD-CFA4-4B76-91D9-28F5AB18A431}" = 3300
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E67FAA8D-58E0-433C-833C-6647CDB14AB0}" = Macromedia Flash Player 8
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AOL Instant Messenger" = AOL Instant Messenger
    "AudibleManager" = AudibleManager
    "Barracuda Networks Outlook Plugin_is1" = Barracuda Networks Outlook Plugin 0.9d
    "Buzz Lightyear Astro Blasters" = Buzz Lightyear Astro Blasters
    "Capture NX 2" = Capture NX 2
    "Creative VF0060" = Creative WebCam Live! Ultra Driver (1.01.03.0127)
    "FileZilla Client" = FileZilla Client 3.3.5.1
    "Google Chrome" = Google Chrome
    "GTK 2.0" = GTK+ Runtime 2.12.1 rev a (remove only)
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
    "Internet Tablet Video Converter_is1" = Internet Tablet Video Converter 0.22
    "LimeWire" = LimeWire 4.16.6
    "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Past-Track" = LAS Tracking Key / 3100 Programs
    "Photocopier_is1" = Photocopier Version 2.28
    "Picasa 3" = Picasa 3
    "Pidgin" = Pidgin
    "RDC" = RDC
    "TOCR 1.1" = Transym TOCR
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Visual Hindsight Professional Edition_is1" = Visual Hindsight Professional Edition 1.2
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinVNC_is1" = VNC 3.3.7
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "magicJack" = magicJack

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/2/2010 5:35:48 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module , version 0.0.0.0, fault address 0x00000000.

    Error - 12/2/2010 5:40:48 PM | Computer Name = COMPUTER | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 12/2/2010 6:22:30 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application hpqtra08.exe, version 70.0.170.0, faulting module
    hpzidr12.dll, version 10.1.1.5, fault address 0x00007209.

    Error - 12/2/2010 7:20:29 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
    hpzidr12.dll, version 10.1.1.5, fault address 0x00007209.

    Error - 12/4/2010 5:18:51 PM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\pev.exe (PID 3344) Time: Saturday, December 04, 2010 2:18:51
    PM

    Error - 12/7/2010 6:55:45 PM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711726
    Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
    Information\_restore{D0DA8DCA-151D-4AF6-903A-D038BE3027DE}\RP3\A0001528.sys by:
    Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file
    was quarantined successfully.

    Error - 12/7/2010 6:55:48 PM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711685
    Description = Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume Information\_restore{D0DA8DCA-151D-4AF6-903A-D038BE3027DE}\RP3\A0001528.sys
    by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
    The file was quarantined successfully.

    Error - 12/7/2010 6:55:48 PM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Risk: Bloodhound.MalPE in File: C:\System Volume
    Information\_restore{D0DA8DCA-151D-4AF6-903A-D038BE3027DE}\RP3\A0001528.sys by:
    Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
    The file was quarantined successfully.

    Error - 12/9/2010 12:33:14 AM | Computer Name = COMPUTER | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\pev.exe (PID 432) Time: Wednesday, December 08, 2010 9:33:14
    PM

    Error - 12/9/2010 2:37:04 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application hpqtra08.exe, version 70.0.170.0, faulting module
    hpzidr12.dll, version 10.1.1.5, fault address 0x00007209.

    [ System Events ]
    Error - 12/7/2010 1:44:48 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_QEVUUE\0000 disappeared from the system without
    first being prepared for removal.

    Error - 12/7/2010 1:53:48 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 12/7/2010 12:46:26 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    agp440 IntelIde

    Error - 12/7/2010 12:49:38 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 12/9/2010 2:29:33 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    agp440 IntelIde

    Error - 12/9/2010 2:32:58 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 12/10/2010 8:42:48 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    agp440 IntelIde

    Error - 12/10/2010 8:45:09 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.


    < End of report >
     
  6. Broni

    Broni Malware Annihilator Posts: 48,024   +271

     
  7. Broni

    Broni Malware Annihilator Posts: 48,024   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.order.1: "Search"
      FF - prefs.js..browser.startup.homepage: ""
      FF - prefs.js..network.proxy.no_proxies_on: ""
      FF - user.js..browser.search.order.1: "Search"
      FF - user.js..keyword.URL: "http://search.fresh-search.net/?sid=10101069100&s="
      [2010/11/08 04:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml
      O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
      O15 - HKLM\..Trusted Domains: ccsend.com ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: constantcontact.com ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: ic.aiall ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: icrossing.com ([]http in Trusted sites)
      O15 - HKLM\..Trusted Domains: icrossing.net ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: projectorpsa.com ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: proxicom.com ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: prxm.corp ([]* in Trusted sites)
      O15 - HKLM\..Trusted Domains: zendesk.com ([]* in Trusted sites)
      O15 - HKLM\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2005/03/15 07:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
      [2007/02/07 05:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2008/09/11 07:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zulohwlw
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  8. pachi

    pachi TS Rookie Topic Starter Posts: 46

    computer performance is much better, thanks to you.
    MBAM came negative for a change :).
     
  9. pachi

    pachi TS Rookie Topic Starter Posts: 46

    All processes killed
    ========== OTL ==========
    Prefs.js: "Search" removed from browser.search.order.1
    Prefs.js: "" removed from browser.startup.homepage
    Prefs.js: "" removed from network.proxy.no_proxies_on
    C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\7ag21vps.default\user.js moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ccsend.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\constantcontact.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ic.aiall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\icrossing.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\icrossing.net\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\projectorpsa.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\proxicom.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\prxm.corp\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zendesk.com\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Network Associates folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\zulohwlw folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 8403354 bytes
    ->Temporary Internet Files folder emptied: 6770687 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 58693025 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 8130 bytes

    User: Administrator.AZSRV
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: alavelle
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: alester
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: All Users

    User: amin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: ateeples
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: bfranklin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: cganey
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: chyder
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: dmaher
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: helpstar
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: jalire
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JayV
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jayv.IC077
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jberg
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jbrickles
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: jlesmes
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jmarlow
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jstinson
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jstrong
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kbrown
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 114822 bytes
    ->Flash cache emptied: 434 bytes

    User: mandrews
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mherman
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mvallone
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: nbond
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ndichristofano
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 571938 bytes
    ->Flash cache emptied: 0 bytes

    User: rchavez
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: sgranger
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: sromandetti
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ssuresh
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: tdelaca
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: tlok
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 71.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: Administrator.AZSRV

    User: alavelle

    User: alester

    User: All Users

    User: amin

    User: ateeples

    User: bfranklin

    User: cganey
    ->Flash cache emptied: 0 bytes

    User: chyder
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: dmaher
    ->Flash cache emptied: 0 bytes

    User: helpstar

    User: jalire

    User: JayV
    ->Flash cache emptied: 0 bytes

    User: jayv.IC077
    ->Flash cache emptied: 0 bytes

    User: jberg
    ->Flash cache emptied: 0 bytes

    User: jbrickles

    User: jlesmes
    ->Flash cache emptied: 0 bytes

    User: jmarlow
    ->Flash cache emptied: 0 bytes

    User: jstinson
    ->Flash cache emptied: 0 bytes

    User: jstrong

    User: kbrown
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: mandrews
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser

    User: mherman

    User: mvallone
    ->Flash cache emptied: 0 bytes

    User: nbond
    ->Flash cache emptied: 0 bytes

    User: ndichristofano
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: rchavez
    ->Flash cache emptied: 0 bytes

    User: sgranger
    ->Flash cache emptied: 0 bytes

    User: sromandetti
    ->Flash cache emptied: 0 bytes

    User: ssuresh
    ->Flash cache emptied: 0 bytes

    User: tdelaca
    ->Flash cache emptied: 0 bytes

    User: tlok
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12122010_210453

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  10. Broni

    Broni Malware Annihilator Posts: 48,024   +271

    Good :)
    Go on...
     
  11. pachi

    pachi TS Rookie Topic Starter Posts: 46

    pasting the contents of Checkup.txt....

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Symantec AntiVirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader X
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Symantec AntiVirus DefWatch.exe
    Symantec AntiVirus SavRoam.exe
    Symantec AntiVirus Rtvscan.exe
    Symantec AntiVirus DoScan.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,024   +271

    Looks good :)
     
  13. pachi

    pachi TS Rookie Topic Starter Posts: 46

    EST online scanner in progress :).
     
  14. Broni

    Broni Malware Annihilator Posts: 48,024   +271

    OK :).............
     
  15. pachi

    pachi TS Rookie Topic Starter Posts: 46

    C:\Program Files\AIM95\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application
     
  16. Broni

    Broni Malware Annihilator Posts: 48,024   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\AIM95\Sysfiles\WxBug.EXE
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  17. pachi

    pachi TS Rookie Topic Starter Posts: 46

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\AIM95\Sysfiles\WxBug.EXE moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 138041 bytes
    ->Temporary Internet Files folder emptied: 6937131 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: Administrator.AZSRV
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: alavelle
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: alester
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: All Users

    User: amin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: ateeples
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: bfranklin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: cganey
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: chyder
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: dmaher
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: helpstar
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: jalire
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JayV
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jayv.IC077
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jberg
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jbrickles
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: jlesmes
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jmarlow
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jstinson
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jstrong
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kbrown
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: mandrews
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mherman
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mvallone
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: nbond
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ndichristofano
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: rchavez
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: sgranger
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: sromandetti
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ssuresh
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: tdelaca
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: tlok
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: Administrator.AZSRV

    User: alavelle

    User: alester

    User: All Users

    User: amin

    User: ateeples

    User: bfranklin

    User: cganey
    ->Flash cache emptied: 0 bytes

    User: chyder
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: dmaher
    ->Flash cache emptied: 0 bytes

    User: helpstar

    User: jalire

    User: JayV
    ->Flash cache emptied: 0 bytes

    User: jayv.IC077
    ->Flash cache emptied: 0 bytes

    User: jberg
    ->Flash cache emptied: 0 bytes

    User: jbrickles

    User: jlesmes
    ->Flash cache emptied: 0 bytes

    User: jmarlow
    ->Flash cache emptied: 0 bytes

    User: jstinson
    ->Flash cache emptied: 0 bytes

    User: jstrong

    User: kbrown
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: mandrews
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser

    User: mherman

    User: mvallone
    ->Flash cache emptied: 0 bytes

    User: nbond
    ->Flash cache emptied: 0 bytes

    User: ndichristofano
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: rchavez
    ->Flash cache emptied: 0 bytes

    User: sgranger
    ->Flash cache emptied: 0 bytes

    User: sromandetti
    ->Flash cache emptied: 0 bytes

    User: ssuresh
    ->Flash cache emptied: 0 bytes

    User: tdelaca
    ->Flash cache emptied: 0 bytes

    User: tlok
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12132010_172237

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF80A7.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF81AD.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8939.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF89B0.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8C23.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8ED5.tmp not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XSU3I7U9\topic157455-4[1].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W7EO9112\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W7EO9112\sh29[1].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder C:\Documents and Settings\LocalService\Local Settings\Temp\Perflib_Perfdata_568.dat not found!

    Registry entries deleted on Reboot...
     
  18. pachi

    pachi TS Rookie Topic Starter Posts: 46

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 137937 bytes
    ->Temporary Internet Files folder emptied: 1913526 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: Administrator.AZSRV
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: alavelle
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: alester
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: All Users

    User: amin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: ateeples
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: bfranklin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: cganey
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: chyder
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: dmaher
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: helpstar
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: jalire
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JayV
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jayv.IC077
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jberg
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jbrickles
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: jlesmes
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jmarlow
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jstinson
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jstrong
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kbrown
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: mandrews
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mherman
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mvallone
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: nbond
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ndichristofano
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: rchavez
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: sgranger
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: sromandetti
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ssuresh
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: tdelaca
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: tlok
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: Administrator.AZSRV

    User: alavelle

    User: alester

    User: All Users

    User: amin

    User: ateeples

    User: bfranklin

    User: cganey
    ->Flash cache emptied: 0 bytes

    User: chyder
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: dmaher
    ->Flash cache emptied: 0 bytes

    User: helpstar

    User: jalire

    User: JayV
    ->Flash cache emptied: 0 bytes

    User: jayv.IC077
    ->Flash cache emptied: 0 bytes

    User: jberg
    ->Flash cache emptied: 0 bytes

    User: jbrickles

    User: jlesmes
    ->Flash cache emptied: 0 bytes

    User: jmarlow
    ->Flash cache emptied: 0 bytes

    User: jstinson
    ->Flash cache emptied: 0 bytes

    User: jstrong

    User: kbrown
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: mandrews
    ->Flash cache emptied: 0 bytes

    User: McAfeeMVSUser

    User: mherman

    User: mvallone
    ->Flash cache emptied: 0 bytes

    User: nbond
    ->Flash cache emptied: 0 bytes

    User: ndichristofano
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: rchavez
    ->Flash cache emptied: 0 bytes

    User: sgranger
    ->Flash cache emptied: 0 bytes

    User: sromandetti
    ->Flash cache emptied: 0 bytes

    User: ssuresh
    ->Flash cache emptied: 0 bytes

    User: tdelaca
    ->Flash cache emptied: 0 bytes

    User: tlok
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 12132010_173522

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBE8E.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC08C.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC27D.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC402.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC953.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCC23.tmp not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QQT8PO10\sh29[1].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QQT8PO10\topic157455-4[1].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2SWPKQ3A\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  19. pachi

    pachi TS Rookie Topic Starter Posts: 46

    You are super duper, Thank you sooo muchoo!

     
  20. pachi

    pachi TS Rookie Topic Starter Posts: 46

    Broni,
    Please accept my donation. Though not a big amount, for the time you spent with me on this wish I could get you coffee in person.

    Thanks
    Prashanth (pachi)
     
  21. Broni

    Broni Malware Annihilator Posts: 48,024   +271

    Thank you very much and....

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.