TechSpot

Please help me to finish clean-up from Microsoft Security Suite malware invasion

Inactive
By jbmorgan
Aug 18, 2010
  1. Hello! A few days ago, my eee PC laptop was unfortunately infected with the Microsoft Security Suite malware. I was able to install and run Malwarebytes in Safe Mode Networking, and that got rid of 90% of the problems. However, there are still a couple of strange things going on, such as the fact that my virus protection (Microsoft Security Essentials) isn't able to run updates, and my Windows Update also doesn't seem able to run. After consulting with some kind people in another thread on this site, I was advised to follow the 8-step procedure, which I just did. I was hoping that if I post the logs here, someone could take a look and tell me what else might need to be done. The logs were too long to paste so I've attached them. Thank you very much!

  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi. Just a FYI. Keep away from cracks and keygens. They will ALL infect your pc. Not worth it.

    ====

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
  3. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Combofix log, as requested

    Hello Crunchie,

    Thanks a lot for your help. The Combofix log is attached. I don't know if you need this as well, but shortly after I started it, it told me that it had detected rootkit activity and asked me to write down the following: "Service: ACPIEC, Location: C\WINDOWS\system32\DRIVERS\ACPIEC.sys"

    --John
  4. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    New problems...

    Since I posted the last message, some new problems have occurred. First, I was pleasantly surprised to find that I was able to load the updates for Microsoft Security Essentials, which I was unable to do since the malware attack. After that I started running a fresh check with Malwarebytes. I was on-line on the Web at the time, but I certainly wasn't downloading any torrents or on any torrent sites. I got an alert from MSE which said that a trojan was attempting to infiltrate my system. It asked me if I wanted to clean it and of course I said yes, and it said it was able to get rid of it. Then, a few minutes later, I suddenly got the blue screen of death for no apparent reason and had to restart. Then I had the Microsoft Windows "The system has recovered from a serious error" pop-up on my screen, and I couldn't get it off my screen for some time, although it finally seems to have stopped reappearing. I don't know if this was a fresh infection or the result of the last one, but I thought I should describe it.
  5. crunchie

    crunchie Malware Helper Posts: 761

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  6. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Eset log

    Thank you. The Eset log is attached.
  7. crunchie

    crunchie Malware Helper Posts: 761

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    OTL logs attached

    The OTL logs are attached to this message.
  9. crunchie

    crunchie Malware Helper Posts: 761

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\zmfdaenl.sys -- (zmfdaenl)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ydngsxyy.sys -- (ydngsxyy)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vqjskoqf.sys -- (vqjskoqf)
      DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\JOHNB~1.MOR\LOCALS~1\Temp\lvehgy.sys -- (ujujcnlptkzyhs)
      DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys -- (ShldDrv)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RT2860.sys -- (RT80x86)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RkPavproc3.sys -- (RkPavproc3)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RkPavproc2.sys -- (RkPavproc2)
      DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\PavProc.sys -- (PavProc)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ngghlbmg.sys -- (ngghlbmg)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\inyccpgo.sys -- (inyccpgo)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\bxzadlol.sys -- (bxzadlol)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe File not found
      [2010/08/13 23:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\armrhjjrv
      [2010/08/08 03:29:58 | 000,000,000 | ---D | C] -- C:\4e0a71e16dec71b604201b5ae1bd35
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ===================

    Let me know how the pc is please.
  10. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    New OTL logs

    Attached are the latest OTL logs (the first from when I ran the script you gave me, and the second from the scan I ran afterwards). For some reason it didn't create an Extras log this time.

    So far my PC seems to be working all right although of course I just ran the script so it's a bit early to say. If I have any problems later I'll post about it here.
  11. crunchie

    crunchie Malware Helper Posts: 761

    No worries. Keep me posted :).
     
  12. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    New problem

    Hello,

    I'm sorry for being away for so long. I thought the problem was solved but today it re-emerged.

    Earlier today I was infected by the Antivirus Action malware. I ran Malwarebytes and ran a full scan in Safe Mode. The first time it found and removed several infections. I ran it a second time and it found nothing. My system is greatly improved, but for some reason my Microsoft Security Essentials suite is switched off and I cannot get it to restart. In regular mode it is non-responsive, and even in Safe Mode I cannot switch it back on for monitoring (even though it will scan). I'm concerned that there may still be traces of the infection in my system. Thank you in advance.
  13. crunchie

    crunchie Malware Helper Posts: 761

    I do not believe it has re-emerged. More likely you have got yourself re-infected.
    Please go through the procedure of posting the logs and I will take a look.
  14. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Malwarebytes log

    Thank you. I suppose you're correct although I haven't downloaded anything recently.

    My new Malwarebytes log is attached. I really appreciate your help.

    --John

    Attached Files:

  15. crunchie

    crunchie Malware Helper Posts: 761

    Can you post the Gmer and DDS logs too please.
    Also, logs are not to be attached anymore, so please just paste them into your reply.
    If they are too long, break them over several posts.
  16. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    GMER log

    Yes, thank you. Below is the GMER log.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-14 20:51:33
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303
    Running: i3c1yjv1.exe; Driver: C:\DOCUME~1\JOHNB~1.MOR\LOCALS~1\Temp\awtdrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwEnumerateKey [0xB9EFEFFE]
    SSDT sptd.sys ZwEnumerateValueKey [0xB9EFF38C]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A8421F8
    Device \Driver\atapi \Device\Ide\IdePort0 8A8421F8
    Device \Driver\atapi \Device\Ide\IdePort1 8A8421F8
    Device \FileSystem\Ntfs \Ntfs 8A8411F8
    Device \FileSystem\Fastfat \Fat 898841F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  17. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    DDS log #1

    Here is the first DDS log:

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by John B. Morgan IV at 20:55:34.82 on Sun 11/14/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1425 [GMT -5:00]

    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Samsung\EmoDio\SMSTray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Elantech\ETDDect.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\John B. Morgan IV\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.arktos.com/
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:50370
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: Softonic English Findbar: {8c5ad199-66d9-4cea-849d-a72c81da26f3} - c:\program files\softonic_english\tbSof0.dll
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MobiLink3] c:\program files\novatel wireless\virgin mobile\MobiLink3.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SMSTray] c:\program files\samsung\emodio\SMSTray.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
    mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
    mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
    mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
    mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\johnb~1.mor\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\john b. morgan iv\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Trusted Zone: bobibanking.com\www
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849575053
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263849552381
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\johnb~1.mor\applic~1\mozilla\firefox\profiles\wlrr7xnj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.arktos.com/
    FF - prefs.js: keyword.URL - hxxp://in.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_in&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\john b. morgan iv\application data\mozilla\firefox\profiles\wlrr7xnj.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
    R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-8-24 82432]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    S2 LanmanSrv;Trusted Center;c:\windows\system32\svchost.exe -k netsvcs [2009-11-24 14336]
    S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
    S3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\drivers\nwvmmdm.sys [2009-5-15 174720]
    S3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\drivers\nwvmser.sys [2009-5-15 174720]
    S3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\drivers\nwvmser2.sys [2009-5-15 174720]
    S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\rkpavproc1.sys [2009-4-24 16952]

    =============== Created Last 30 ================

    2010-11-12 20:07:14 -------- d-----w- c:\program files\winlogon.exe
    2010-11-12 09:13:14 105984 --sha-r- c:\windows\system32\msvcrt208.dll
    2010-11-12 04:54:05 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{aebbd557-1686-4fa4-8a21-cafe0e1ec9c5}\mpengine.dll
    2010-11-11 19:04:35 -------- d-----w- c:\docume~1\johnb~1.mor\applic~1\com.adobe.ExMan

    ==================== Find3M ====================

    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-23 14:37:19 52355 ----a-w- c:\program files\common files\OnlineFilesManager.dll
    2010-04-23 15:27:35 190464 ----a-w- c:\program files\common files\OnlineFilesManager.dll.old
    2008-05-07 23:34:00 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe

    ============= FINISH: 20:56:40.93 ===============
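Added example, not part of this thread and not code from DDS, OTL or the helper's fix scripts: a small triage script that runs the same kinds of checks crunchie applied by eye to the OTL fix list in post 9 and to the DDS log above. It flags a browser/WinINet proxy pointed at 127.0.0.1, "File not found" services and drivers, a driver loaded from a user's Temp folder, a directory carrying the name of a system executable (the `winlogon.exe` folder under Program Files), a hidden+system DLL dropped into system32, and, by cross-correlating the two log formats, an svchost-hosted service (DDS) whose service DLL OTL reports as missing, which is why the `netsvcs` custom-scan keyword is on the OTL list. The rule names, the `triage()` / `summarize()` functions and the sample lines (constructed, modelled on entries from the logs in this thread) are all the example's own; the regular expressions describe only the line shapes visible in those logs and go a little beyond the page by handling several line kinds in one pass.

```python
"""Triage helper for DDS / OTL style log lines.

Added example for this thread; it is not part of DDS, OTL, or the posts
above. Each rule corresponds to a kind of entry that was acted on in the
thread: a proxy pointed at 127.0.0.1, "File not found" services and
drivers, a driver loaded from a Temp folder, a directory named
winlogon.exe, a hidden+system DLL in system32, and an svchost-hosted
service (DDS) whose service DLL OTL reports as missing.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (rule name, offending log line)

# Constructed sample input, modelled on lines from the DDS and OTL logs in
# this thread. Mixing DDS and OTL lines is fine: each rule only fires on
# the line shapes it understands.
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = http=127.0.0.1:50370
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
S2 LanmanSrv;Trusted Center;c:\\windows\\system32\\svchost.exe -k netsvcs [2009-11-24 14336]
R1 MpFilter;Microsoft Malware Protection Driver;c:\\windows\\system32\\drivers\\MpFilter.sys [2010-3-25 151216]
SRV - File not found [Auto | Stopped] -- C:\\WINDOWS\\System32\\brrgckcn.dll -- (LanmanSrv)
DRV - File not found [Kernel | Auto | Stopped] -- C:\\DOCUME~1\\JOHNB~1.MOR\\LOCALS~1\\Temp\\lvehgy.sys -- (ujujcnlptkzyhs)
2010-11-12 20:07:14 -------- d-----w- c:\\program files\\winlogon.exe
2010-11-12 09:13:14 105984 --sha-r- c:\\windows\\system32\\msvcrt208.dll
2010-11-11 19:04:35 -------- d-----w- c:\\docume~1\\johnb~1.mor\\applic~1\\com.adobe.ExMan
mRun: [IgfxTray] c:\\windows\\system32\\igfxtray.exe
"""

# DDS file entry: "<date> <time> <size|dashes> <attrs> <path>"
DDS_FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(\S+)\s+(.+)$")
# DDS service entry: "<R|S><n> <name>;<display name>;<image path> [...]"
DDS_SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[")
# OTL service/driver entry: "SRV|DRV - <status> -- <path> -- (<name>)"
OTL_ENTRY_RE = re.compile(r"^(SRV|DRV) - (.+?) -- (.+?) -- \(([^()]+)\)")
LOOPBACK_RE = re.compile(r"\b127\.0\.0\.1\b")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return (rule, line) pairs for every line that trips a rule."""
    findings: List[Finding] = []
    svchost_services: Dict[str, str] = {}  # DDS: service name -> line
    missing_services: Dict[str, str] = {}  # OTL: service name -> line

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Rule 1: WinINet or Firefox proxy pointed back at the local machine.
        if "proxy" in line.lower() and LOOPBACK_RE.search(line):
            findings.append(("loopback-proxy", line))

        m = OTL_ENTRY_RE.match(line)
        if m:
            kind, status, path, name = m.groups()
            # Rule 2: registered service/driver whose binary no longer exists.
            if status.startswith("File not found"):
                findings.append(("missing-binary", line))
                if kind == "SRV":
                    missing_services[name.lower()] = line
            # Rule 3: service or kernel driver loaded from a Temp folder.
            if TEMP_DIR_RE.search(path):
                findings.append(("temp-path", line))

        m = DDS_SVC_RE.match(line)
        if m:
            name, image = m.groups()
            # Remember svchost-hosted services for the cross-check below.
            if "svchost.exe" in image.lower():
                svchost_services[name.lower()] = line

        m = DDS_FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            # Rule 4: a directory carrying the name of a system executable.
            if attrs.startswith("d") and path.lower().endswith(".exe"):
                findings.append(("exe-named-directory", line))
            # Rule 5: hidden + system file dropped into system32.
            if "s" in attrs and "h" in attrs and "system32" in path.lower():
                findings.append(("hidden-system-file", line))

    # Rule 6: a service DDS shows hosted in svchost (e.g. the netsvcs group)
    # while OTL reports its service DLL missing; the name may mimic a real one.
    for name in sorted(set(svchost_services) & set(missing_services)):
        findings.append(("svchost-service-missing-dll", svchost_services[name]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Feed it a DDS and an OTL log concatenated (`python triage.py < logs.txt` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) and the output is a short list of lines worth a second look rather than a verdict; the benign Adobe directory and the Intel tray entry in the sample pass through untouched, and every flagged line still needs the judgement a helper like crunchie applied before anything is removed.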
  18. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    DDS log #2

    The instructions say not to include the second DDS log unless it is specifically requested. Please let me know if you need it.
  19. crunchie

    crunchie Malware Helper Posts: 761

    Actually our instructions ask for both to be posted, but not to worry :).
    Couple of minor things stand out there, but I will need you to download OTL.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    OTL log

    I followed your instructions exactly but for some reason it only generated an OTL log. No file called Extras came up or was saved. The OTL log is below:

    OTL logfile created on: 11/14/2010 10:17:53 PM - Run 8
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\John B. Morgan IV\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 79.99 Gb Total Space | 1.96 Gb Free Space | 2.45% Space Free | Partition Type: NTFS
    Drive D: | 61.20 Gb Total Space | 2.02 Gb Free Space | 3.31% Space Free | Partition Type: NTFS
    Drive E: | 7.82 Gb Total Space | 1.68 Gb Free Space | 21.45% Space Free | Partition Type: NTFS

    Computer Name: ATHENA | User Name: John B. Morgan IV | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
    PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2009/12/18 00:55:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/12/18 00:54:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2009/10/07 14:03:36 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
    PRC - [2009/08/26 18:44:34 | 000,902,144 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    PRC - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
    PRC - [2008/09/17 02:06:04 | 000,484,880 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\EmoDio\SMSTray.exe
    PRC - [2008/09/03 21:49:56 | 000,311,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    PRC - [2008/09/03 13:34:42 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCTRL.EXE
    PRC - [2008/09/02 22:32:00 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    PRC - [2008/09/02 22:28:14 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
    PRC - [2008/08/22 19:18:44 | 000,204,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDDECT.EXE
    PRC - [2008/05/21 03:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    PRC - [2007/12/20 01:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
    PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2004/08/04 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\brrgckcn.dll -- (LanmanSrv)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/04/05 06:48:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/12/18 00:55:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
    SRV - [2007/10/25 17:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/08/24 17:53:24 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser2.sys -- (NWVMPort2)
    DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser.sys -- (NWVMPort)
    DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmmdm.sys -- (NWVMModem)
    DRV - [2008/08/25 03:59:40 | 000,026,112 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
    DRV - [2008/08/12 18:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/29 01:03:20 | 000,016,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rkpavproc1.sys -- (RkPavproc1)
    DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/08 17:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
    DRV - [2008/03/11 21:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
    DRV - [2007/12/20 01:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/05/03 06:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2007/03/28 09:22:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2004/08/03 22:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
    DRV - [2004/08/03 21:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arktos.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_English Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.arktos.com/"
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..keyword.URL: "http://in.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_in&p="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/08/01 11:59:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 00:37:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 00:37:55 | 000,000,000 | ---D | M]

    [2009/03/07 12:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Extensions
    [2010/11/12 21:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions
    [2010/08/09 22:27:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/11 22:12:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/05/06 02:54:18 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
    [2010/07/20 22:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/06/19 02:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\DTToolbar@toolbarnet.com
    [2009/05/20 08:11:27 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\ask.xml
    [2009/03/25 01:22:56 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\conduit.xml
    [2010/06/19 02:41:56 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\daemon-search.xml
    [2010/11/12 21:45:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/10/19 08:29:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

    O1 HOSTS File: ([2010/08/20 14:06:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
    O4 - HKLM..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [MobiLink3] C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe (Novatel Wireless Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
    O4 - Startup: C:\Documents and Settings\John B. Morgan IV\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: bobibanking.com ([www] https in Local intranet)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849575053 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263849552381 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.194.38.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/02 12:33:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/14 22:16:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
    [2010/11/12 15:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\winlogon.exe
    [2010/11/11 14:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Application Data\com.adobe.ExMan
    [2010/10/20 13:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Desktop\ABBYY.FineReader.10.Corporate.Edition.Multilanguage-I_KnoW
    [2010/04/09 03:51:33 | 000,190,464 | ---- | C] (Microsoft) -- C:\Program Files\Common Files\OnlineFilesManager.dll.old
    [2008/09/11 08:03:04 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install AiGuruU1 Skype Phone.exe

    ========== Files - Modified Within 30 Days ==========

    [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
    [2010/11/14 21:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2010/11/14 19:36:12 | 013,836,576 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Polignano.mp3
    [2010/11/14 07:14:38 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/14 07:14:13 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\QPLOCLGP.job
    [2010/11/14 07:14:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/14 02:30:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/11/14 02:30:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/11/13 03:05:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/11/13 03:05:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/11/13 01:31:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/11/13 01:31:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/11/13 01:21:13 | 000,073,756 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\codreanu appendix.docx
    [2010/11/13 01:00:40 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Codreanubilder-rev.doc
    [2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/12 17:23:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/11/12 17:23:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/11/12 16:55:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/11/12 16:55:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/11/12 15:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/11/12 15:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/11/12 14:49:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/11/12 14:49:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/11/12 04:13:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/11/12 04:13:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/11/12 04:13:14 | 000,105,984 | RHS- | M] () -- C:\WINDOWS\System32\msvcrt208.dll
    [2010/11/11 04:42:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/11/11 04:42:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/11/09 18:11:54 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\working copy letter 9NOV.doc
    [2010/11/09 02:36:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/11/09 02:36:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/11/09 02:36:00 | 000,010,150 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Saturday 10 AM.docx
    [2010/11/08 13:19:19 | 000,446,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/08 13:19:19 | 000,073,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/08 03:51:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/11/08 03:51:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2010/11/07 04:14:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/11/07 04:14:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/11/06 04:07:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/11/06 04:07:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/11/05 22:15:37 | 000,691,758 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\At SK Camp Hyd 10.jpg
    [2010/11/05 01:36:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/11/05 01:36:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/11/04 12:57:46 | 004,405,936 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\Democracy_in_France.pdf
    [2010/11/04 03:01:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/11/04 03:01:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/11/03 03:54:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/11/03 03:54:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/11/02 03:21:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/11/02 03:21:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/10/31 01:47:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/10/31 01:47:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/10/30 02:19:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/10/30 02:19:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/10/30 01:50:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/10/30 01:50:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/10/28 23:15:08 | 848,217,088 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\jbmorgan.pst
    [2010/10/27 23:38:11 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/27 23:09:16 | 000,013,609 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Born Again.docx
    [2010/10/20 14:30:26 | 000,061,907 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\The Thule Society.docx
    [2010/10/19 22:16:52 | 000,422,185 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\BLUEPRINT FOR SOCIO-SPIRITUAL REVOLUTION by Vraja Kishor dasa.webarchive
    [2010/10/19 22:15:48 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/10/17 23:15:27 | 000,000,275 | ---- | M] () -- C:\Shortcut to Local Disk (D).lnk
    [2010/10/17 20:49:40 | 000,190,976 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/17 16:11:39 | 000,118,042 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\ganesh_havan_3.jpg

    ========== Files Created - No Company Name ==========

    [2010/11/14 19:34:13 | 013,836,576 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Polignano.mp3
    [2010/11/13 01:09:10 | 000,073,756 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\codreanu appendix.docx
    [2010/11/13 00:53:07 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Codreanubilder-rev.doc
    [2010/11/12 15:36:17 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/12 04:13:15 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\QPLOCLGP.job
    [2010/11/12 04:13:14 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\msvcrt208.dll
    [2010/11/09 16:06:01 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\working copy letter 9NOV.doc
    [2010/11/09 02:36:00 | 000,010,150 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Saturday 10 AM.docx
    [2010/11/05 22:15:36 | 000,691,758 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\At SK Camp Hyd 10.jpg
    [2010/11/04 12:55:46 | 004,405,936 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\Democracy_in_France.pdf
    [2010/10/27 23:38:11 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/27 18:06:28 | 000,013,609 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Born Again.docx
    [2010/10/20 14:29:47 | 000,061,907 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\The Thule Society.docx
    [2010/10/20 00:36:50 | 000,015,847 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\GHP appearance.docx
    [2010/10/19 22:16:52 | 000,422,185 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\BLUEPRINT FOR SOCIO-SPIRITUAL REVOLUTION by Vraja Kishor dasa.webarchive
    [2010/10/17 23:15:27 | 000,000,275 | ---- | C] () -- C:\Shortcut to Local Disk (D).lnk
    [2010/10/17 16:11:38 | 000,118,042 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\ganesh_havan_3.jpg
    [2010/09/29 13:23:08 | 000,015,228 | ---- | C] () -- C:\WINDOWS\alchemy.ini
    [2010/08/17 11:45:04 | 000,445,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/08/02 16:00:20 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/07/19 14:28:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/04/09 03:51:33 | 000,052,355 | ---- | C] () -- C:\Program Files\Common Files\OnlineFilesManager.dll
    [2010/02/24 04:56:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL50.dll
    [2009/11/24 15:45:16 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2009/04/24 06:53:26 | 000,016,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rkpavproc1.sys
    [2009/03/17 01:01:54 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/06 12:12:39 | 000,001,530 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\wklnhst.dat
    [2009/03/06 11:02:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2009/02/13 08:45:41 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\fusioncache.dat
    [2008/09/17 02:06:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2008/09/17 02:06:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2008/09/17 02:06:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2008/09/17 02:06:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
    [2008/09/11 22:22:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/09/11 08:07:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/09/11 08:07:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/09/11 08:07:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/09/11 08:07:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/09/11 08:07:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/09/11 08:07:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/09/11 05:59:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2008/08/09 09:32:28 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/08/09 02:41:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/30 21:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
    [2008/03/17 17:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

    ========== LOP Check ==========

    [2010/08/04 11:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/01 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2009/09/10 23:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/06/19 02:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/08/04 10:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/02/24 04:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagneticOne Store Manager for Magento
    [2010/09/01 00:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
    [2010/03/30 10:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2010/08/04 13:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/09/29 21:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/15 09:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/11/11 14:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\com.adobe.ExMan
    [2010/06/19 03:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DAEMON Tools Lite
    [2010/07/01 09:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DataCast
    [2010/11/14 22:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DNA
    [2010/11/14 07:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox
    [2008/09/11 22:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\InterVideo
    [2010/09/15 16:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Kernel for Outlook
    [2010/03/30 10:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Leadertech
    [2009/03/06 12:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Template
    [2010/06/19 05:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Uniblue
    [2010/10/30 01:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\uTorrent
    [2009/02/16 02:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Windows Live Writer
    [2010/06/21 07:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\ZTEEVDO
    [2010/06/21 07:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\ZTEMTUI
    [2010/11/14 21:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    [2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/11/14 07:14:13 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\Tasks\QPLOCLGP.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 02:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
    [2004/08/04 02:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2004/08/04 02:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 02:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2004/08/04 02:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2004/08/04 02:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    [2004/08/04 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2004/08/04 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2004/08/04 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    [2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
    [2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
    [2004/08/04 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2004/08/04 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2004/08/04 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2004/08/04 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2004/08/04 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2004/08/04 02:00:00 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll
    [2010/11/12 04:13:14 | 000,105,984 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt208.dll

    < %systemroot%\System32\config\*.sav >
    [2010/08/02 07:31:53 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/08/02 11:05:51 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2010/08/02 07:31:53 | 037,224,448 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/08/02 07:31:53 | 010,485,760 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 351779 bytes -> C:\WINDOWS\Temp:temp
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
  21. crunchie

    crunchie Malware Helper Posts: 761

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
      FF - prefs.js..network.proxy.http_port: 50370
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ====

    How are things now?
  22. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Had a chance yet?

I don't mean to be impatient, but it's been a week and I was wondering if you'd had a chance to look at this yet. I'm still having a few weird problems, such as when I try to pull up a site through Google and I get redirected to other sites.
  23. crunchie

    crunchie Malware Helper Posts: 761

    Go back up a post. I already answered a week ago. By rights I should have already closed the thread.
  24. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    OTL scans 1

    Dear Crunchie, I apologize for the delay. I hadn't realized that this thread had gone onto a second page and didn't see your reply until after you called my attention to it.

    The first time I ran OTL Custom Fix, when it was done I tried to reboot but as soon as I touched the keyboard I got the "blue screen of death" instead, and didn't get a chance to save the log. I restarted my machine and it seemed to be OK after that. I ran the Custom Fix again and the log is below. I'm not sure but it may have happened because I forgot to close my browser until after I started the Fix. Here's the log that was generated during the second fix:

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: 50370 removed from network.proxy.http_port
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: John B. Morgan IV
    ->Temp folder emptied: 634883 bytes
    ->Temporary Internet Files folder emptied: 46548 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5086803 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 793 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.17.3 log created on 11222010_124013

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  25. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Second OTL scan

Below is the scan I ran following the reboot after the OTL Fix was finished. By the way, everything seems to be OK now - Google is working properly again.

    OTL logfile created on: 11/22/2010 2:36:33 PM - Run 10
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\John B. Morgan IV\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 79.99 Gb Total Space | 1.62 Gb Free Space | 2.03% Space Free | Partition Type: NTFS
    Drive D: | 61.20 Gb Total Space | 2.02 Gb Free Space | 3.31% Space Free | Partition Type: NTFS
    Drive E: | 7.82 Gb Total Space | 1.68 Gb Free Space | 21.45% Space Free | Partition Type: NTFS

    Computer Name: ATHENA | User Name: John B. Morgan IV | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
    PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2009/12/18 00:55:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/12/18 00:54:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2009/10/07 14:03:36 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
    PRC - [2009/08/26 18:44:34 | 000,902,144 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    PRC - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
    PRC - [2008/09/17 02:06:04 | 000,484,880 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\EmoDio\SMSTray.exe
    PRC - [2008/09/03 21:49:56 | 000,311,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    PRC - [2008/09/03 13:34:42 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCTRL.EXE
    PRC - [2008/09/02 22:32:00 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    PRC - [2008/09/02 22:28:14 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
    PRC - [2008/08/22 19:18:44 | 000,204,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDDECT.EXE
    PRC - [2008/05/21 03:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    PRC - [2007/12/20 01:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
    PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2004/08/04 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\brrgckcn.dll -- (LanmanSrv)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/04/05 06:48:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/12/18 00:55:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
    SRV - [2007/10/25 17:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/08/24 17:53:24 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser2.sys -- (NWVMPort2)
    DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser.sys -- (NWVMPort)
    DRV - [2009/05/15 13:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmmdm.sys -- (NWVMModem)
    DRV - [2008/08/25 03:59:40 | 000,026,112 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
    DRV - [2008/08/12 18:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/29 01:03:20 | 000,016,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rkpavproc1.sys -- (RkPavproc1)
    DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/08 17:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
    DRV - [2008/03/11 21:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
    DRV - [2007/12/20 01:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/05/03 06:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2007/03/28 09:22:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2004/08/03 22:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
    DRV - [2004/08/03 21:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arktos.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_English Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.arktos.com/"
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..keyword.URL: "http://in.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_in&p="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/08/01 11:59:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 00:37:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 00:37:55 | 000,000,000 | ---D | M]

    [2009/03/07 12:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Extensions
    [2010/11/17 17:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions
    [2010/08/09 22:27:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/11 22:12:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/05/06 02:54:18 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
    [2010/07/20 22:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/06/19 02:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\extensions\DTToolbar@toolbarnet.com
    [2009/05/20 08:11:27 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\ask.xml
    [2009/03/25 01:22:56 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\conduit.xml
    [2010/06/19 02:41:56 | 000,002,395 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Profiles\wlrr7xnj.default\searchplugins\daemon-search.xml
    [2010/11/17 17:08:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/10/19 08:29:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll

    O1 HOSTS File: ([2010/11/22 12:40:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
    O4 - HKLM..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [MobiLink3] C:\Program Files\Novatel Wireless\Virgin Mobile\MobiLink3.exe (Novatel Wireless Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
    O4 - Startup: C:\Documents and Settings\John B. Morgan IV\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: bobibanking.com ([www] https in Local intranet)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849575053 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263849552381 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\John B. Morgan IV\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/02 12:33:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/17 20:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Desktop\Blood Axis-Born Again
    [2010/11/17 19:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sumkali
    [2010/11/17 19:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Desktop\YP-Q1J (D)
    [2010/11/14 22:16:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
    [2010/11/12 15:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\winlogon.exe
    [2010/11/11 14:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John B. Morgan IV\Application Data\com.adobe.ExMan
    [2010/04/09 03:51:33 | 000,190,464 | ---- | C] (Microsoft) -- C:\Program Files\Common Files\OnlineFilesManager.dll.old
    [2008/09/11 08:03:04 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install AiGuruU1 Skype Phone.exe

    ========== Files - Modified Within 30 Days ==========

    [2010/11/22 12:41:50 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\QPLOCLGP.job
    [2010/11/22 12:41:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/22 12:40:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/11/22 12:40:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/11/22 12:40:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/11/22 12:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2010/11/22 12:17:28 | 042,583,353 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Inspire No2.pdf
    [2010/11/22 01:20:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/11/22 01:20:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/11/21 18:30:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/11/21 18:30:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/11/21 18:20:37 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/19 21:05:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/11/19 21:05:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2010/11/19 19:53:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/11/19 19:53:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/11/19 18:46:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/11/19 18:46:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/11/19 18:01:04 | 013,690,606 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Cushman.mp3
    [2010/11/18 14:56:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/11/18 14:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/11/18 02:28:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/11/18 02:28:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/11/17 20:48:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/11/17 20:48:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/11/17 20:07:08 | 000,172,544 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Contemporary Esotericism - Traditionalism and ENR.doc
    [2010/11/17 18:43:17 | 000,054,717 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Receipt 000149 - From MoneyWorks 1dc20a.pdf
    [2010/11/16 20:33:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/11/16 20:33:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/11/16 16:46:21 | 000,382,464 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\droits.doc
    [2010/11/16 04:12:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/11/16 04:12:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/11/15 05:20:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/11/15 05:20:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/11/15 03:40:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/11/15 03:40:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/11/14 22:16:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John B. Morgan IV\Desktop\OTL.exe
    [2010/11/14 19:36:12 | 013,836,576 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Polignano.mp3
    [2010/11/14 02:30:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/11/14 02:30:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/11/13 03:05:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/11/13 03:05:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/11/13 01:31:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/11/13 01:31:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/11/13 01:21:13 | 000,073,756 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\codreanu appendix.docx
    [2010/11/13 01:00:40 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Codreanubilder-rev.doc
    [2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/12 17:23:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/11/12 17:23:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/11/12 16:55:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/11/12 16:55:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/11/12 15:26:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/11/12 15:26:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/11/12 14:49:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/11/12 14:49:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/11/12 04:13:14 | 000,105,984 | RHS- | M] () -- C:\WINDOWS\System32\msvcrt208.dll
    [2010/11/09 18:11:54 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\working copy letter 9NOV.doc
    [2010/11/09 02:36:00 | 000,010,150 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Saturday 10 AM.docx
    [2010/11/08 13:19:19 | 000,446,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/08 13:19:19 | 000,073,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/04 12:57:46 | 004,405,936 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\Democracy_in_France.pdf
    [2010/10/28 23:15:08 | 848,217,088 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\jbmorgan.pst
    [2010/10/27 23:38:11 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/27 23:09:16 | 000,013,609 | ---- | M] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Born Again.docx

    ========== Files Created - No Company Name ==========

    [2010/11/22 12:11:00 | 042,583,353 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Inspire No2.pdf
    [2010/11/18 14:50:40 | 013,690,606 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Cushman.mp3
    [2010/11/17 20:07:08 | 000,172,544 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Contemporary Esotericism - Traditionalism and ENR.doc
    [2010/11/17 18:43:16 | 000,054,717 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Receipt 000149 - From MoneyWorks 1dc20a.pdf
    [2010/11/16 16:46:20 | 000,382,464 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\droits.doc
    [2010/11/14 19:34:13 | 013,836,576 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Sunic interviews Polignano.mp3
    [2010/11/13 01:09:10 | 000,073,756 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\codreanu appendix.docx
    [2010/11/13 00:53:07 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Codreanubilder-rev.doc
    [2010/11/12 15:36:17 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/11/12 04:13:15 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\QPLOCLGP.job
    [2010/11/12 04:13:14 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\msvcrt208.dll
    [2010/11/09 16:06:01 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\working copy letter 9NOV.doc
    [2010/11/09 02:36:00 | 000,010,150 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Saturday 10 AM.docx
    [2010/11/04 12:55:46 | 004,405,936 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\My Documents\Democracy_in_France.pdf
    [2010/10/27 23:38:11 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/27 18:06:28 | 000,013,609 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Desktop\Born Again.docx
    [2010/09/29 13:23:08 | 000,015,228 | ---- | C] () -- C:\WINDOWS\alchemy.ini
    [2010/08/17 11:45:04 | 000,445,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/08/02 16:00:20 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/07/19 14:28:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/04/09 03:51:33 | 000,052,355 | ---- | C] () -- C:\Program Files\Common Files\OnlineFilesManager.dll
    [2010/02/24 04:56:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL50.dll
    [2009/11/24 15:45:16 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2009/04/24 06:53:26 | 000,016,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rkpavproc1.sys
    [2009/03/17 01:01:54 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/06 12:12:39 | 000,001,530 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Application Data\wklnhst.dat
    [2009/03/06 11:02:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2009/02/13 08:45:41 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\John B. Morgan IV\Local Settings\Application Data\fusioncache.dat
    [2008/09/17 02:06:22 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2008/09/17 02:06:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2008/09/17 02:06:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2008/09/17 02:06:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
    [2008/09/11 22:22:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/09/11 08:07:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/09/11 08:07:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/09/11 08:07:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/09/11 08:07:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/09/11 08:07:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/09/11 08:07:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/09/11 05:59:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2008/08/09 09:32:28 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/08/09 02:41:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/30 21:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
    [2008/03/17 17:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

    ========== LOP Check ==========

    [2010/08/04 11:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/01 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2009/09/10 23:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/06/19 02:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/08/04 10:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/02/24 04:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagneticOne Store Manager for Magento
    [2010/09/01 00:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
    [2010/03/30 10:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2010/08/04 13:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/09/29 21:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/15 09:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/11/11 14:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\com.adobe.ExMan
    [2010/06/19 03:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DAEMON Tools Lite
    [2010/07/01 09:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DataCast
    [2010/11/22 14:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\DNA
    [2010/11/22 12:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox
    [2008/09/11 22:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\InterVideo
    [2010/09/15 16:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Kernel for Outlook
    [2010/03/30 10:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Leadertech
    [2009/03/06 12:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Template
    [2010/06/19 05:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Uniblue
    [2010/10/30 01:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\uTorrent
    [2009/02/16 02:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\Windows Live Writer
    [2010/06/21 07:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\ZTEEVDO
    [2010/06/21 07:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John B. Morgan IV\Application Data\ZTEMTUI
    [2010/11/22 12:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    [2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/11/22 12:41:50 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\Tasks\QPLOCLGP.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 351779 bytes -> C:\WINDOWS\Temp:temp
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
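A log this long is easier to triage by machine first. The script below is an added example, not part of the original post and not OTL's own code: it parses the `[date | size | attrs | C/M] (company) -- path` entry format and the `@Alternate Data Stream` lines OTL emits, and flags entries that commonly deserve a second look (hidden+system files under System32 or Tasks, a directory named like an executable, a modified hosts file, a scheduled task with a random-looking name, any alternate data stream). The `SENSITIVE_DIRS`, `RANDOM_JOB_RE` and `EXEC_EXTS` values are this example's own heuristics, not rules from OTL or the helper; the sample lines are copied from the log above, with a few benign entries kept in to show what is ignored.

```python
import re
from typing import Dict, List

# Entry format OTL uses in its Created/Modified and LOP sections, e.g.
# [2010/11/22 12:41:50 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\QPLOCLGP.job
# Directory entries omit the "(company)" group entirely, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumptions of this example (not OTL rules): where hidden+system files are
# unusual, what a randomly named task looks like, and which extensions a
# directory should never carry.
SENSITIVE_DIRS = (r"c:\windows\system32", r"c:\windows\tasks")
RANDOM_JOB_RE = re.compile(r"^[A-Z]{6,10}\.job$")
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr")


def leaf(path: str) -> str:
    """Last path component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every log entry that trips a heuristic."""
    findings: Dict[str, List[str]] = {}

    def flag(path: str, reason: str) -> None:
        findings.setdefault(path, []).append(reason)

    for raw in lines:
        line = raw.strip()
        m = ADS_RE.match(line)
        if m:
            # Any ADS is worth listing; size helps separate markers from payloads.
            flag(m["path"], f"alternate data stream ({m['size']} bytes)")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section headers, blank lines, other OTL sections
        path, attrs = m["path"], m["attrs"]
        lower = path.lower()
        name = leaf(path)
        is_dir = "D" in attrs
        hidden_system = "H" in attrs and "S" in attrs

        if hidden_system and lower.startswith(SENSITIVE_DIRS):
            flag(path, f"hidden+system attributes ({attrs}) in a system location")
        if is_dir and name.lower().endswith(EXEC_EXTS):
            flag(path, "directory named like an executable")
        if lower.endswith(r"\drivers\etc\hosts"):
            flag(path, "hosts file modified in the scan window")
        if lower.startswith(r"c:\windows\tasks") and RANDOM_JOB_RE.match(name):
            flag(path, "scheduled task with random-looking name")
    return findings


# Constructed sample: lines copied from the OTL log in this thread, plus a few
# benign entries (bootstat.dat, the two named .job files) that should not fire.
SAMPLE_LOG = r"""
[2010/11/22 12:41:50 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\QPLOCLGP.job
[2010/11/22 12:41:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/22 12:40:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/22 12:25:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/11/12 21:31:03 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/12 15:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\winlogon.exe
[2010/11/12 04:13:14 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\msvcrt208.dll
@Alternate Data Stream - 351779 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
""".strip().splitlines()


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a whole OTL.txt (`triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`) and it lists six of the nine sample entries, with QPLOCLGP.job tripping two rules. The output is a review list, not a verdict: MP Scheduled Scan.job is hidden but belongs to Microsoft Security Essentials, and a 121-byte ADS on a folder is often a vendor marker, which is why the helper's judgement, and ComboFix's own log, still decide what gets removed.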