Solved From AntiVirus2010 to Server Not Found

Dial-a-fix
Error calling system32\srclient.dll (Seemed to be scanning syshell when this error popped up, too close to tell)
Error running msiexec.exe (I had this problem for a while with MBAM)

Ran the winsock repair

Question about framedyn.dll and dgnet.dll, the two DLLs I'm having problems with when running netsh int.... in CMD. These two should just go in Windows\system32, correct? Then I type regsvr32 framedyn.dll and regsvr32 dgnet.dll respectively into CMD. Rebooting.
 
AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH PING YAHOO.COM WORKS. I'm scared to open Firefox.

Anyway, that is out of the way now, and after I explained to the neighbors those were screams of joy, not bloody murder, when I ran around my apartment bear-hugging my roommate. I set up his Avast to run a complete system scan (every file) once a week while he is asleep, so this issue should not come up again. Thank you very much for the help Broni, I owe you a beer.

As far as my computer goes, I still have those 7 infected files in my memory. Avast can't get to them because I can't schedule a boot-time scan since I'm on a 64-bit OS. What route should I take for this?
 
Great news, but we're not done here yet.
Cleaning process has to be finished...

I still have those 7 infected files in my memory
I need more details...
 
Hmmm, I don't have .txt logs, but I think these are just false positives brought up by Malwarebytes.

They all start like this:

Process 5492 [mbam.exe] 0x000etcetc..... and each one is a different virus:
JS:ScriptSH-inf [Trj]
Win32:Tiny-AGF [Trj]
Win32: VB-KZL [Drp]
Win32: Jifas-FY [Trj]
Win32: Jifas-DA [Trj]
Win32: Bamital-G [Trj]
Win32: Bomzh [Wrm]
 
Did you run the scan right now?
Combofix would recognize Bamital infection and I didn't see anything there.

In any case....
1. Re-run Avast full scan and let me know, if it detected anything.
2. Re-run Combofix, allow recovery console installation and post fresh log.
 
Just to clarify, the viruses I just mentioned are on my own personal computer, not the one we've been working on. I ran the complete scan on my computer again last night and it came up completely clean. Combofix does not work with Windows 7.

I was up extremely late last night finalizing my roommate's computer, the one we have been working on. A full scan with Avast along with a boot scan came up clean. Combofix, Malwarebytes and Spybot S&D also showed no problems. I uninstalled and reinstalled Adobe and Java, making sure they were up to date. Windows Update is also now completely up to date.

The only hiccup I had was a problem with system security settings not allowing me to run Windows Installer. While trying to install Adobe I would get the error "msiexec.exe is already running." The services list said it was disabled and there was no process msiexec.exe running. I ended up downloading Windows Installer 4.5 from Microsoft, then running a CMD prompt to reset the system security protocols to default. This gave me access to delete the necessary msi.dll and .exe files and clear them from the registry. Then I ran the Windows Installer 4.5 after creating new msi.dll and .exe files through command prompt.

Framedyn.dll was an easy fix. I learned that renaming the file from the i386 folder FRAMEDYN.DL_ to framedyn.dll is not correct, and that the file needed to be expanded via the Windows expand command. There were also some issues with the Path variable having a typo, causing the system to pop up a "framedyn.dll is not a valid Windows image" error, with rstrui.exe in the title of the error prompt.

Expand framedyn.dl_ - http://bertk.mvps.org/html/error.html
Fixing msi files and resetting system security - http://social.msdn.microsoft.com/Fo...l/thread/9a7d0dbf-768c-4f5e-befb-9af63ca9178c

I think this thread is solved. Thanks again Broni for all the help, my roommate is very grateful to have his computer back and running better than ever. If there is anything else that needs to be done I'll keep checking here until the thread is closed.

-Ciao
Madogmurpy
 
I'm glad to see the computer in much better shape, but we need to perform a couple more steps to see that nothing is hiding there.

1. Please do not mix two computers' info in one topic. It confuses me.
2. Do not make any changes to the computer other than what I ask for. You can be sure I'll let you know when we're 100% done.

Now....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
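OTL writes each process, module, service and driver on one line, either as `KIND - [date | size | flags | M] (Company) [state] -- path -- (name)` or as `KIND - File not found [state] -- path -- (name)` when the registered binary is gone. The Python triage helper below is an added example, not OTL's code and not from anyone in this thread: it parses those lines and flags the entries a responder reads first (orphaned registrations, services or drivers loaded from temp or profile directories, binaries with no company name, and binaries modified within a few days of the scan). The sample log is constructed in OTL's format; the unknown.sys driver line in it is made up for the demonstration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# OTL's first line, e.g. "OTL logfile created on: 10/22/2010 2:37:40 PM - Run 1".
HEADER_RE = re.compile(r"^OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")

# One PRC/MOD/SRV/DRV entry, in either of the two shapes OTL writes:
#   KIND - [YYYY/MM/DD HH:MM:SS | 000,123,456 | ---- | M] (Company) [State] -- path -- (Name)
#   KIND - File not found [State] -- path -- (Name)
# PRC/MOD lines carry no [State] or (Name); the company field may hold one level of
# nested parentheses, e.g. "(Webroot Software, Inc. (www.webroot.com))".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [^\]]*\] "
    r"\((?P<company>(?:[^()]|\([^()]*\))*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Locations a service or kernel driver binary has no business being loaded from.
PROFILE_DIRS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\", "\\users\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str
    path: str
    name: Optional[str]
    company: Optional[str]       # None when the file is missing, "" when OTL printed "()"
    state: Optional[str]
    modified: Optional[datetime]
    missing: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for anything that is not a PRC/MOD/SRV/DRV entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    stamp = m.group("stamp")
    return Entry(kind=m.group("kind"), path=m.group("path").strip(), name=m.group("name"),
                 company=m.group("company"), state=m.group("state"),
                 modified=datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S") if stamp else None,
                 missing=m.group("missing") is not None)


def scan_date(lines: List[str]) -> Optional[datetime]:
    """Timestamp of the scan itself, read from the OTL header line."""
    for line in lines:
        m = HEADER_RE.match(line)
        if m:
            return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    return None


def triage(lines: List[str], recent_days: int = 7) -> List[Tuple[str, Entry]]:
    """Return (reason, entry) pairs worth a closer look. These are prompts, not verdicts:
    an orphaned service is usually an uninstall leftover and a freshly modified binary is
    often a legitimate update, but they are where a responder starts reading the log."""
    created = scan_date(lines)
    findings: List[Tuple[str, Entry]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e.missing:
            findings.append(("registered binary no longer exists (orphaned service/driver)", e))
            continue
        if e.kind in ("SRV", "DRV") and any(d in e.path.lower() for d in PROFILE_DIRS):
            findings.append(("service/driver loaded from a profile or temp directory", e))
        if e.company == "":
            findings.append(("binary carries no company name", e))
        if created and e.modified and created - e.modified <= timedelta(days=recent_days):
            findings.append((f"binary modified within {recent_days} days of the scan", e))
    return findings


# Constructed sample in OTL's format; the last driver line (unknown.sys: no company name,
# modified the day before the scan) is made up for the demonstration.
SAMPLE_LOG = """\
OTL logfile created on: 10/22/2010 2:37:40 PM - Run 1
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe
SRV - File not found [Disabled | Stopped] -- C:\\Program Files\\Webroot\\WebrootSecurity\\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\DOCUME~1\\USER~1\\LOCALS~1\\Temp\\catchme.sys -- (catchme)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\DRIVERS\\ssidrv.sys -- (ssidrv)
DRV - [2010/10/21 03:40:00 | 000,012,288 | ---- | M] () [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\drivers\\unknown.sys -- (unknown)
"""

if __name__ == "__main__":
    for reason, e in triage(SAMPLE_LOG.splitlines()):
        print(f"{e.kind} {e.name or '-'}: {reason} -> {e.path}")
```

Run it against a real OTL.txt by passing `open("OTL.txt").read().splitlines()` to `triage()`; the header line is needed for the recent-modification check, which is skipped when it is absent.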
 
I'm glad to see the computer in much better shape, but we need to perform a couple more steps to see that nothing is hiding there.

1. Please do not mix two computers' info in one topic. It confuses me.
2. Do not make any changes to the computer other than what I ask for. You can be sure I'll let you know when we're 100% done.

You're the boss.

OTL-

OTL logfile created on: 10/22/2010 2:37:40 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Devin Marks\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.29 Gb Total Space | 259.16 Gb Free Space | 89.90% Space Free | Partition Type: NTFS

Computer Name: DEVINSLAPTOP | User Name: Devin Marks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/22 14:36:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devin Marks\Desktop\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/07/21 11:44:12 | 000,225,362 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\XPM09_6047v002\WDM\stacsv.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (SafeList) ==========

MOD - [2010/10/22 14:36:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devin Marks\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 05:41:54 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/21 11:44:12 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\XPM09_6047v002\WDM\stacsv.exe -- (STacSV)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/27 10:41:38 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DEVINM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/11/21 19:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/11 11:52:48 | 006,047,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/07/24 11:03:00 | 000,289,664 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/07/21 11:46:18 | 001,384,595 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/07/21 00:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2008/07/11 13:15:10 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/06/26 07:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/17 04:34:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.golfwrx.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/22 14:25:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/22 14:25:01 | 000,000,000 | ---D | M]

[2010/03/23 19:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devin Marks\Application Data\Mozilla\Extensions
[2010/03/23 19:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devin Marks\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/21 03:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devin Marks\Application Data\Mozilla\Firefox\Profiles\ncmgdi9m.default\extensions
[2010/09/09 18:15:30 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Application Data\Mozilla\Firefox\Profiles\ncmgdi9m.default\searchplugins\askcom.xml
[2010/10/21 23:10:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/21 03:25:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/21 03:24:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2002/04/18 08:39:16 | 000,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npipcd3.dll
[2005/01/19 20:48:22 | 000,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npiPLATO_22.dll

O1 HOSTS File: ([2010/10/21 04:28:45 | 000,422,512 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14591 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Devin Marks\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Devin Marks\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/23 03:06:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/22 14:36:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Devin Marks\Desktop\OTL.exe
[2010/10/21 16:00:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/10/21 12:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/21 12:18:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/10/21 12:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/10/21 12:17:59 | 000,000,000 | ---D | C] -- C:\55b73553916105475be9bf7a2f55
[2010/10/21 12:16:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/21 12:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devin Marks\Local Settings\Application Data\Identities
[2010/10/21 12:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devin Marks\Application Data\Windows Desktop Search
[2010/10/21 12:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/10/21 12:13:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/10/21 12:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/10/21 12:11:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/10/21 12:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/10/21 12:09:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/10/21 03:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/21 03:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/21 03:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/21 03:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/21 02:48:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Devin Marks\UserData
[2010/10/21 02:45:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/21 02:35:17 | 000,000,000 | ---D | C] -- C:\2f7900ba3964b2a636c0ef48f5908584
[2010/10/21 02:11:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/21 02:00:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/21 01:14:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/10/21 00:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devin Marks\Desktop\SYSFILESDONOTDELETE
[2010/10/20 21:20:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/20 21:20:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/20 21:20:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/20 21:20:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/20 21:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/20 21:19:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/19 15:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/19 15:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/19 15:14:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2010/10/19 15:13:30 | 000,000,000 | ---D | C] -- C:\Inetpub
[2010/10/19 09:21:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Devin Marks\Recent
[2010/10/19 09:16:58 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/10/19 09:16:58 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/10/19 09:16:57 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/10/19 09:16:57 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/10/19 09:16:56 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/10/19 09:16:56 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/10/19 09:16:56 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/10/19 09:16:51 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/10/19 09:16:51 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/19 08:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot
[2010/10/19 06:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devin Marks\Local Settings\Application Data\Help
[2010/10/19 06:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devin Marks\Application Data\Help
[2010/10/19 06:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/19 06:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devin Marks\Application Data\Resource Tuner
[2010/10/19 06:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Tuner
[2010/10/19 05:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\bisquick
[2010/10/19 05:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/19 05:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/19 03:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/19 01:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/10/18 23:21:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/10/18 22:54:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trend Micro
[2010/10/18 22:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Trend Micro
[2010/10/18 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/18 19:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/18 18:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/10/18 18:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/10/17 14:36:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/17 14:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/10/17 12:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devin Marks\Application Data\Malwarebytes
[2010/10/17 12:56:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/17 12:56:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/17 12:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/17 12:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/16 17:46:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/10/16 17:38:22 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/10/10 17:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Devin Marks\tmp
[2010/10/01 00:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/01 00:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/01 00:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/23 15:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\PWLN
[2010/08/22 15:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/08/06 13:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/03/23 03:01:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Devin Marks\Application Data\pcouffin.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/22 14:38:42 | 002,099,630 | ---- | M] () -- C:\trace.atf
[2010/10/22 14:36:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devin Marks\Desktop\OTL.exe
[2010/10/22 13:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/21 19:28:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/21 13:32:45 | 000,575,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/21 13:32:45 | 000,112,472 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/21 13:30:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/21 13:28:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 12:47:36 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/21 12:14:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/21 12:13:27 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/10/21 12:12:33 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/21 12:12:32 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/10/21 12:12:32 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/10/21 12:11:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/10/21 04:28:45 | 000,422,512 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/21 04:20:47 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Desktop\Spybot - Search & Destroy.lnk
[2010/10/21 03:34:12 | 000,069,987 | ---- | M] () -- C:\WINDOWS\System32\FRAMEDYN.DL_
[2010/10/21 03:34:12 | 000,069,987 | ---- | M] () -- C:\WINDOWS\System32\dllcache\FRAMEDYN.DL_
[2010/10/21 03:29:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/21 03:22:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/21 02:55:41 | 003,153,920 | ---- | M] () -- C:\Documents and Settings\Devin Marks\secsetup.sdb
[2010/10/21 02:16:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-042845.backup
[2010/10/20 22:36:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/10/19 14:52:11 | 000,001,408 | ---- | M] () -- C:\Documents and Settings\Devin Marks\My Documents\cc_20101019_145206.reg
[2010/10/19 10:58:13 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/10/19 09:58:23 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Devin Marks\My Documents\cc_20101019_095818.reg
[2010/10/19 09:21:20 | 000,003,410 | ---- | M] () -- C:\Documents and Settings\Devin Marks\My Documents\cc_20101019_092101.reg
[2010/10/19 09:16:58 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/19 09:16:57 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/19 08:32:21 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Desktop\Shortcut to Updates.lnk
[2010/10/19 08:23:26 | 000,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101019-084730.backup
[2010/10/19 06:58:12 | 000,021,084 | ---- | M] () -- C:\Documents and Settings\Devin Marks\My Documents\cc_20101019_065728.reg
[2010/10/19 06:56:52 | 000,008,628 | -H-- | M] () -- C:\WINDOWS\System32\cmmgr32.GID
[2010/10/19 05:05:34 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\winlogon.exe.lnk
[2010/10/19 02:22:01 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101019-082326.backup
[2010/10/19 01:27:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EXCH_regtrace.INI
[2010/10/17 14:02:58 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/10/01 00:08:06 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/27 14:39:00 | 000,056,840 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/20 00:20:58 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 13:36:02 | 000,011,153 | ---- | M] () -- C:\Documents and Settings\Devin Marks\My Documents\To Love and To Cherish.docx
[2010/09/07 13:15:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Desktop\Microsoft Office Word 2007.lnk
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 09:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/27 16:47:34 | 000,010,716 | ---- | M] () -- C:\Documents and Settings\Devin Marks\My Documents\Legible Clothing.docx
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/21 12:13:27 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/10/21 12:11:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/10/21 04:20:47 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Devin Marks\Desktop\Spybot - Search & Destroy.lnk
[2010/10/21 03:51:14 | 000,069,987 | ---- | C] () -- C:\WINDOWS\System32\FRAMEDYN.DL_
[2010/10/21 03:22:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/21 03:19:59 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Devin Marks\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/21 02:55:40 | 003,153,920 | ---- | C] () -- C:\Documents and Settings\Devin Marks\secsetup.sdb
[2010/10/21 02:00:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/21 02:00:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/20 23:00:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Devin Marks\ipconfig_all.txt
[2010/10/20 21:20:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/20 21:20:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/20 21:20:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/20 21:20:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/20 21:20:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/19 15:14:11 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/10/19 15:14:11 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2010/10/19 15:14:11 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/10/19 15:14:11 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2010/10/19 15:13:54 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/10/19 15:13:54 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/10/19 15:13:54 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2010/10/19 15:13:54 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2010/10/19 15:13:52 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/10/19 15:13:52 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2010/10/19 15:13:51 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2010/10/19 15:13:51 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2010/10/19 15:13:51 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2010/10/19 15:13:51 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2010/10/19 15:13:51 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2010/10/19 15:13:51 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2010/10/19 15:13:51 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2010/10/19 15:13:51 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2010/10/19 15:13:51 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2010/10/19 15:13:51 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2010/10/19 15:13:50 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2010/10/19 15:13:50 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2010/10/19 15:13:50 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2010/10/19 15:13:50 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2010/10/19 15:13:50 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2010/10/19 15:13:50 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2010/10/19 15:13:50 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/10/19 15:13:50 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2010/10/19 15:13:50 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2010/10/19 15:13:50 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2010/10/19 15:12:46 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/10/19 14:52:07 | 000,001,408 | ---- | C] () -- C:\Documents and Settings\Devin Marks\My Documents\cc_20101019_145206.reg
[2010/10/19 11:52:19 | 000,001,354 | ---- | C] () -- C:\Documents and Settings\Devin Marks\resetlog.txt
[2010/10/19 11:05:23 | 000,006,099 | ---- | C] () -- C:\Documents and Settings\Devin Marks\reset.log
[2010/10/19 11:01:05 | 000,001,373 | ---- | C] () -- C:\Documents and Settings\Devin Marks\IpcfgAll.txt
[2010/10/19 09:58:19 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Devin Marks\My Documents\cc_20101019_095818.reg
[2010/10/19 09:21:06 | 000,003,410 | ---- | C] () -- C:\Documents and Settings\Devin Marks\My Documents\cc_20101019_092101.reg
[2010/10/19 09:16:58 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/19 08:32:21 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Devin Marks\Desktop\Shortcut to Updates.lnk
[2010/10/19 06:57:31 | 000,021,084 | ---- | C] () -- C:\Documents and Settings\Devin Marks\My Documents\cc_20101019_065728.reg
[2010/10/19 06:56:17 | 000,008,628 | -H-- | C] () -- C:\WINDOWS\System32\cmmgr32.GID
[2010/10/19 04:47:42 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\winlogon.exe.lnk
[2010/10/19 01:38:57 | 002,099,134 | ---- | C] () -- C:\trace.atf
[2010/10/19 01:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EXCH_regtrace.INI
[2010/10/17 14:02:56 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/10/01 00:10:23 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/01 00:08:06 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/23 15:48:44 | 000,040,688 | ---- | C] () -- C:\WINDOWS\System32\Zcipro1.ttf
[2010/09/23 15:48:44 | 000,040,140 | ---- | C] () -- C:\WINDOWS\System32\INSOLF1.ttf
[2010/09/23 15:48:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PHONETIC.FON
[2010/09/23 15:48:44 | 000,031,808 | ---- | C] () -- C:\WINDOWS\System32\Zcipro4.ttf
[2010/09/23 15:48:44 | 000,025,480 | ---- | C] () -- C:\WINDOWS\System32\Zcisym.ttf
[2010/09/23 15:48:44 | 000,018,180 | ---- | C] () -- C:\WINDOWS\System32\Zcipro2.ttf
[2010/09/23 15:48:44 | 000,014,500 | ---- | C] () -- C:\WINDOWS\System32\Zcipro3.ttf
[2010/09/06 13:58:00 | 000,011,153 | ---- | C] () -- C:\Documents and Settings\Devin Marks\My Documents\To Love and To Cherish.docx
[2010/08/27 16:28:05 | 000,010,716 | ---- | C] () -- C:\Documents and Settings\Devin Marks\My Documents\Legible Clothing.docx
[2010/06/01 12:49:48 | 000,000,406 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/06/01 12:49:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbmvs.dll
[2010/06/01 12:49:17 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbmcoin.ini
[2010/06/01 12:47:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBMLCNP.DLL
[2010/03/23 03:28:09 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2010/03/23 03:10:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Devin Marks\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 03:01:39 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Devin Marks\Application Data\pcouffin.log
[2010/03/23 03:01:36 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Devin Marks\Application Data\pcouffin.cat
[2010/03/23 03:01:36 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Devin Marks\Application Data\pcouffin.inf
[2010/03/22 20:59:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2010/10/19 09:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/03 21:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/23 03:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/22 14:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devin Marks\Application Data\LimeWire
[2010/10/19 06:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devin Marks\Application Data\Resource Tuner
[2010/03/23 03:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devin Marks\Application Data\TMP
[2010/03/23 03:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devin Marks\Application Data\Vso
[2010/10/21 12:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devin Marks\Application Data\Windows Desktop Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/23 03:06:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/23 03:02:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/21 03:29:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/21 02:19:39 | 000,012,319 | ---- | M] () -- C:\ComboFix.txt
[2010/03/23 03:06:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/23 03:06:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/20 23:01:35 | 000,002,504 | ---- | M] () -- C:\ipconfig_all.txt
[2010/03/23 03:06:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/21 13:28:13 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/10/20 09:10:08 | 000,035,324 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_20.10.2010_09.09.35_log.txt
[2010/03/23 02:54:45 | 000,000,216 | ---- | M] () -- C:\temp.txt
[2010/10/22 14:38:42 | 002,099,630 | ---- | M] () -- C:\trace.atf

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/10/21 01:14:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/08/25 10:49:30 | 000,078,848 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBMPP5C.DLL
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/22 20:57:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/10/18 19:34:31 | 016,777,216 | -HS- | M] () -- C:\WINDOWS\system32\config\ezskjbvv.sav
[2010/03/22 20:57:46 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/22 20:57:46 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/23 03:06:28 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/21 01:14:39 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Devin Marks\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/23 03:09:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/22 14:36:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Devin Marks\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/21 01:14:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Devin Marks\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/22 14:35:32 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2006/11/01 18:31:34 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >
 
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 07:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 00:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 06:42:30 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/14 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 07:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 00:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 00:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\FRAMEDYN.DL_:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dllcache\FRAMEDYN.DL_:SummaryInformation

< End of report >
 
OTL Extras logfile created on: 10/22/2010 2:37:40 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Devin Marks\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 288.29 Gb Total Space | 259.16 Gb Free Space | 89.90% Space Free | Partition Type: NTFS

Computer Name: DEVINSLAPTOP | User Name: Devin Marks | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Intel(R) PROSet/Wireless WiFi Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexmark 4200 Series" = Lexmark 4200 Series
"LimeWire" = LimeWire 5.5.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PLATO Web Learning Network Clients" = PLATO Web Learning Network Clients
"ProInst" = Intel PROSet Wireless
"Resource Tuner_is1" = Resource Tuner 1.99 R6
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2010 9:04:39 PM | Computer Name = DEVINSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 774140

Error - 10/19/2010 9:04:39 PM | Computer Name = DEVINSLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 774140

Error - 10/20/2010 9:44:49 AM | Computer Name = DEVINSLAPTOP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 10/20/2010 12:31:40 PM | Computer Name = DEVINSLAPTOP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 10/20/2010 10:17:16 PM | Computer Name = DEVINSLAPTOP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 10/20/2010 11:02:24 PM | Computer Name = DEVINSLAPTOP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 10/20/2010 11:24:43 PM | Computer Name = DEVINSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application notepad.exe, version 5.1.2600.5512, faulting
module comdlg32.dll, version 6.0.2900.5512, fault address 0x0002ae8a.

Error - 10/20/2010 11:36:13 PM | Computer Name = DEVINSLAPTOP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 10/21/2010 12:47:06 AM | Computer Name = DEVINSLAPTOP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 10/21/2010 12:54:31 AM | Computer Name = DEVINSLAPTOP | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ ODiag Events ]
Error - 10/19/2010 9:37:28 AM | Computer Name = DEVIN-C254E1830 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kd0. Error code: 800706BA

[ OSession Events ]
Error - 10/19/2010 9:37:28 AM | Computer Name = DEVIN-C254E1830 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/19/2010 9:38:39 AM | Computer Name = DEVIN-C254E1830 | Source = Service Control Manager | ID = 7031
Description = The Remote Registry service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 10/19/2010 9:38:44 AM | Computer Name = DEVIN-C254E1830 | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 10/19/2010 3:38:57 PM | Computer Name = DEVIN-C254E1830 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/20/2010 10:17:13 PM | Computer Name = DEVINSLAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/20/2010 10:17:13 PM | Computer Name = DEVINSLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 10/20/2010 10:17:16 PM | Computer Name = DEVINSLAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/20/2010 10:17:16 PM | Computer Name = DEVINSLAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/20/2010 10:18:32 PM | Computer Name = DEVINSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%2

Error - 10/21/2010 2:28:34 PM | Computer Name = DEVINSLAPTOP | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 10/21/2010 2:28:41 PM | Computer Name = DEVINSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Microsoft Tun Miniport Adapter Driver service failed to start
due to the following error: %%1058


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    [2010/09/09 18:15:30 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Devin Marks\Application Data\Mozilla\Firefox\Profiles\ncmgdi9m.default\searchplugins\askcom.xml
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\FRAMEDYN.DL_:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dllcache\FRAMEDYN.DL_:SummaryInformation
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Hey Broni, my roommate decided to up and take a road trip to Louisiana for the weekend and took his laptop with him, so I won't be able to run the scan until Sunday night or Monday. Just a heads-up.
 
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Documents and Settings\Devin Marks\Application Data\Mozilla\Firefox\Profiles\ncmgdi9m.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET3B8.tmp deleted successfully.
C:\WINDOWS\System32\SET3B9.tmp deleted successfully.
C:\WINDOWS\System32\SET3BA.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3BB.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET3BC.tmp deleted successfully.
ADS C:\WINDOWS\System32\FRAMEDYN.DL_:SummaryInformation deleted successfully.
ADS C:\WINDOWS\System32\dllcache\FRAMEDYN.DL_:SummaryInformation deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3451360 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Devin Marks
->Temp folder emptied: 48260477 bytes
->Temporary Internet Files folder emptied: 2064877 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93734808 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 43871 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: mat
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3451360 bytes
->Flash cache emptied: 41620 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3966702 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64473936 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34465 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 210.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Devin Marks
->Flash cache emptied: 0 bytes

User: LocalService

User: mat
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10242010_211828

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_77c.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c30.dat not found!

Registry entries deleted on Reboot...
 
While Security Check was starting, framedyn.dll popped up another error saying "not a valid Windows image".


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.0
Mozilla Firefox (3.6.11) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 