Solved: Posting Logs - redirect and hidden files virus

New OTL log

OTL logfile created on: 6/7/2011 10:47:10 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\comers\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 487.35 Mb Available Physical Memory | 47.64% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 50.47 Gb Free Space | 45.17% Space Free | Partition Type: NTFS
Drive D: | 111.76 Gb Total Space | 111.68 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 607.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL | User Name: comers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/01 07:55:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/24 18:00:26 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/01/16 16:31:58 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/01/16 16:31:26 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/15 14:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/09 01:18:10 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
PRC - [2005/05/23 14:20:28 | 000,050,744 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe
PRC - [2005/05/20 11:11:52 | 000,357,944 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
PRC - [2005/05/11 13:05:10 | 000,108,088 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
PRC - [2005/05/09 19:17:28 | 000,108,088 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
PRC - [2005/04/13 20:51:22 | 000,385,024 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB.exe
PRC - [2004/10/08 09:49:36 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2004/06/14 02:50:45 | 000,348,256 | ---- | M] () -- C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
PRC - [2004/06/07 10:03:58 | 000,192,617 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Program Files\Common Files\PhilipsMM\USBConnectivity.exe
PRC - [2004/04/29 07:28:00 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2002/10/16 20:20:20 | 000,073,728 | ---- | M] () -- C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
PRC - [2002/04/17 13:19:16 | 000,069,632 | ---- | M] (Nova Development.) -- C:\Program Files\Nova Development\Photo Explosion\CalCheck.exe


========== Modules (SafeList) ==========

MOD - [2011/06/01 07:55:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/04/13 20:51:22 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\Help Support\SmartBridge\SBHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/01/16 16:31:58 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2003/08/11 04:07:38 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/30 14:46:02 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/18 14:40:40 | 000,099,840 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (Aspi32)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/01/07 18:41:12 | 000,166,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



[2010/01/30 12:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\comers\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2011/05/29 19:36:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [/AutoLaunchHDD70] C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe ()
O4 - HKLM..\Run: [A Verizon App] C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe (Verizon Internet Solutions)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk = C:\WINDOWS\Installer\{5BC304B7-84B4-43B3-8A62-EB9BC2051544}\PhotoExplosionCalendarChecker.exe ()
O4 - Startup: C:\Documents and Settings\comers\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226253832062 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.8275 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\comers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\comers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/12 10:31:01 | 000,000,025 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 10:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\JavaRa
[2011/06/07 10:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/07 10:38:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/07 10:38:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/07 10:38:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/07 10:38:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/07 10:36:26 | 000,887,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u25.exe
[2011/06/01 07:55:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
[2011/05/29 19:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/29 19:26:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/29 19:20:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/29 19:20:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/29 19:20:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/29 19:20:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/29 19:18:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/29 19:15:23 | 004,296,826 | R--- | C] (Swearware) -- C:\Documents and Settings\comers\Desktop\ComboFix.exe
[2011/05/28 07:06:21 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\comers\Desktop\aswMBR.exe
[2011/05/27 11:01:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/27 11:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\comers\Application Data\Avira
[2011/05/27 09:00:42 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\comers\Desktop\MCPR2.exe
[2011/05/25 17:09:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\comers\Start Menu\Programs\Administrative Tools
[2011/05/25 17:08:01 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\comers\Desktop\dds.scr
[2011/05/25 13:28:10 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\comers\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/25 13:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/25 13:14:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/25 13:14:21 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/25 13:14:21 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/25 13:14:21 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/25 13:14:21 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/25 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/25 13:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/25 10:30:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\comers\IECompatCache
[2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\comers\Desktop\TDSSKiller.exe
[2011/05/24 11:56:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\comers\Recent
[2009/04/07 14:23:38 | 003,089,984 | ---- | C] (HDRsoft Sarl ) -- C:\Program Files\PhotomatixPro313.exe
[2006/11/18 09:26:02 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/12/13 09:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[2004/11/29 17:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 10:43:08 | 000,160,350 | ---- | M] () -- C:\Program Files\JavaRa.zip
[2011/06/07 10:36:35 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u25.exe
[2011/06/07 10:07:00 | 000,000,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.ics
[2011/06/07 10:06:11 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk
[2011/06/07 10:06:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/07 10:05:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/07 10:05:58 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 07:55:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
[2011/05/30 10:35:09 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\tdsskiller.zip
[2011/05/29 19:36:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/05/29 19:26:21 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2011/05/29 19:15:23 | 004,296,826 | R--- | M] (Swearware) -- C:\Documents and Settings\comers\Desktop\ComboFix.exe
[2011/05/28 07:21:06 | 000,033,948 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\rootkitunhookerReport
[2011/05/28 07:16:47 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\RKUnhookerLE.EXE
[2011/05/28 07:11:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\MBR.dat
[2011/05/28 07:06:27 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\comers\Desktop\aswMBR.exe
[2011/05/27 09:00:41 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\comers\Desktop\MCPR2.exe
[2011/05/26 10:31:38 | 000,606,104 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\unhide.exe
[2011/05/25 17:38:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/25 17:08:06 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\comers\Desktop\dds.scr
[2011/05/25 14:09:37 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\g707kvqb.exe
[2011/05/25 13:28:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\comers\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/25 13:14:45 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/25 13:10:35 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\comers\My Documents\avira_antivir_personal_en.exe
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\comers\Desktop\TDSSKiller.exe
[2011/05/24 11:28:45 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/05/08 17:28:52 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\comers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/07 10:43:08 | 000,160,350 | ---- | C] () -- C:\Program Files\JavaRa.zip
[2011/05/30 10:34:56 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\tdsskiller.zip
[2011/05/29 19:33:03 | 000,002,417 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk
[2011/05/29 19:33:03 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/05/29 19:33:03 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
[2011/05/29 19:32:39 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2011/05/29 19:32:39 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/05/29 19:32:39 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Networking Guide.lnk
[2011/05/29 19:32:39 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Solution Center.lnk
[2011/05/29 19:32:39 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Media Experience.lnk
[2011/05/29 19:32:39 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\FlipShare.lnk
[2011/05/29 19:32:39 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2004.lnk
[2011/05/29 19:32:39 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/29 19:32:39 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/05/29 19:32:39 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealOne Player.lnk
[2011/05/29 19:32:38 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/29 19:32:38 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Album 2.0 Starter Edition.lnk
[2011/05/29 19:32:38 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/05/29 19:32:38 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
[2011/05/29 19:32:38 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom Advanced Control Suite.lnk
[2011/05/29 19:32:38 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 4.0.lnk
[2011/05/29 19:32:38 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/05/29 19:32:37 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/05/29 19:32:37 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Product Registration.url
[2011/05/29 19:32:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/29 19:26:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/29 19:26:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/29 19:20:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/29 19:20:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/29 19:20:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/29 19:20:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/29 19:20:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/28 07:21:06 | 000,033,948 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\rootkitunhookerReport
[2011/05/28 07:16:46 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\RKUnhookerLE.EXE
[2011/05/28 07:11:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\MBR.dat
[2011/05/26 10:45:05 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk
[2011/05/26 10:45:05 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Sonic MyDVD.lnk
[2011/05/26 10:45:05 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/26 10:45:05 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/26 10:45:05 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\RealArcade.lnk
[2011/05/26 10:45:04 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Video Disc Copier.lnk
[2011/05/26 10:45:04 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2011/05/26 10:45:04 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ViewNX.lnk
[2011/05/26 10:45:04 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/26 10:45:04 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide IP Platinum.lnk
[2011/05/26 10:45:04 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Verizon Dsl.lnk
[2011/05/26 10:45:03 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2011/05/26 10:45:03 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Import Media Files (Handycam).lnk
[2011/05/26 10:45:03 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picture Motion Browser.lnk
[2011/05/26 10:45:03 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
[2011/05/26 10:45:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/26 10:45:03 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2011/05/26 10:45:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/26 10:45:02 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 4.0.lnk
[2011/05/26 10:45:02 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/05/26 10:31:32 | 000,606,104 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\unhide.exe
[2011/05/25 14:09:42 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\g707kvqb.exe
[2011/05/25 13:14:45 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/25 13:10:35 | 052,676,424 | ---- | C] () -- C:\Documents and Settings\comers\My Documents\avira_antivir_personal_en.exe
[2010/03/09 21:11:48 | 000,293,376 | ---- | C] () -- C:\Program Files\szo8idkt.exe
[2010/01/21 11:22:48 | 000,043,480 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/03 13:09:50 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Basic Track
[2010/01/03 13:09:50 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\comers\Application Data\Automatic Filter
[2010/01/03 13:09:50 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/01/03 13:09:50 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Brother
[2010/01/03 13:08:11 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\BSD
[2010/01/03 13:08:11 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\comers\Application Data\Audio Units
[2010/01/03 13:08:11 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/01/03 13:08:11 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Bass Reduction
[2008/04/05 11:44:32 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\$_hpcst$.hpc
[2008/03/18 10:04:17 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/24 05:34:59 | 000,000,275 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/24 05:34:55 | 000,000,234 | ---- | C] () -- C:\WINDOWS\KA.INI
[2007/08/25 23:48:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TSMLite.INI
[2007/05/13 21:47:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/05/11 22:22:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\PTTreeIcons.dll
[2006/04/26 10:46:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/03/02 13:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/24 11:01:20 | 000,000,459 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/03/08 12:02:36 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/02/23 11:03:53 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/08 12:02:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/27 10:33:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\PFP110JPR.{PB
[2004/09/27 10:33:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\PFP110JCM.{PB
[2004/09/03 18:29:18 | 000,014,032 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/26 16:22:10 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/06/26 16:13:01 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/06/26 16:08:39 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\comers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/08 23:33:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2004/05/11 13:32:36 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\comers\Local Settings\Application Data\fusioncache.dat
[2004/05/11 12:04:30 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2004/05/11 12:04:30 | 000,028,948 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2004/05/11 12:00:40 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/04/29 07:33:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/29 07:29:28 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/29 07:26:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/29 07:26:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/04/29 07:26:35 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/04/29 07:26:21 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2004/04/29 07:26:21 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/04/29 07:26:21 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/04/29 07:26:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/29 07:26:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/04/29 07:25:53 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/29 07:23:57 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/29 07:14:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/04/29 07:11:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/29 07:11:30 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/04/29 07:11:30 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/04/29 06:58:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/22 18:00:48 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/22 17:59:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/22 17:58:10 | 000,000,840 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/20 14:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 11:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini
[2000/11/10 15:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< :OTL >

< O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites) >

< O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: internet ([]about in Trusted sites) >

< O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: mcafee.com ([]http in Trusted sites) >

< O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites) >

< O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: musicmatch.com ([]* in Trusted sites) >

< O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.) >

< O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) >
Invalid Switch: ultrashim.cab (Reg Error: Key error.)


< O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...CAB?38118.8275 (Reg Error: Key error.) >
Invalid Switch: v4.windowsupdate.microsoft.co...CAB?38118.8275 (Reg Error: Key error.)


< O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab (Reg Error: Key error.) >
Invalid Switch: mcgdmgr.cab (Reg Error: Key error.)


< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)


< O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) >
Invalid Switch: C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)


< [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] >

< [2006/04/04 09:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint >
Invalid Switch: 04 09:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint


< >

< :Commands >

< [purity] >

< [emptytemp] >

< [emptyflash] >

< [Reboot] >

< End of report >
 
security check log

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
McAfee Virtual Technician
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Malwarebytes' Anti-Malware
RealTime Cookie Cleaner v2.5
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Common Files Verizon Online ConnMgr cmisrv.exe
Common Files Verizon Online AppMgr vzOpenUIServer.exe
``````````End of Log````````````
 
Wrong OTL log.
You clicked the "Scan" button instead of the "Fix" button.
Please, redo.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
 
otl log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com\ deleted successfully.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\aolcfg.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\emlscbin.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\emlscres.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\scrpsbin.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\scrstres.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\vscfgui.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\vso.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\vsocfg.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\wrmstbin.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us\wrmstres.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us\us folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\en-us folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45554556.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45564557.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45574558.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45584559.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45594560.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45604561.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45614562.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45624563.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45634564.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45644565.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45654566.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\45664567.upm deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso\mcdelta.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vso folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\temp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\shared\agent.cab deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\shared folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\agentins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\agentins.ui deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\AgentVer.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\AgntIcfg.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\McAppIns.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\mcappins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\mcinsres.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\mcuninst.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\Uninst.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\uninst.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\VsCfgIns.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vsocfg.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vsoins.inf deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\vsoins.ui deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp\VsoVer.ini deleted successfully.
C:\Documents and Settings\All Users\Application Data\MCA318.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: comers
->Temp folder emptied: 210763 bytes
->Temporary Internet Files folder emptied: 4647827 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: comers
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06082011_114155

Files\Folders moved on Reboot...
C:\Documents and Settings\comers\Local Settings\Temp\WCESLog.log moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\XOPSA5HV\01[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\XOPSA5HV\delPublishersCookies[1].html moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\XOPSA5HV\iframe3[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\XOPSA5HV\showthread[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\J1UZSZZV\data_sync[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\J1UZSZZV\iframe3[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\J1UZSZZV\sh44[1].html moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\6O5QSVAZ\8557122212[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\6O5QSVAZ\aceUAC[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\6O5QSVAZ\clk[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\6O5QSVAZ\md[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\6O5QSVAZ\st[1] moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\6O5QSVAZ\st[2] moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\aceUAC[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\aceUAC[2].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\data_sync[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\dmm[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\iframe3[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\md[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\st[1] moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\track_click[1].htm moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\12HCQQED\welcome[1].htm moved successfully.

Registry entries deleted on Reboot...
 
esetscan txt

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\volsnap.sys.vir Win32/Olmasco.E trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP134\A0016852.dll Win32/Adware.Gamevance.AG application
 
Disable jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
new otl

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: comers
->Temp folder emptied: 332231 bytes
->Temporary Internet Files folder emptied: 10617211 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 698 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: comers
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.23.0 log created on 06102011_111534

Files\Folders moved on Reboot...
C:\Documents and Settings\comers\Local Settings\Temp\WCESLog.log moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\PDDFF9YG\topic165611-2[1].html moved successfully.
C:\Documents and Settings\comers\Local Settings\Temporary Internet Files\Content.IE5\NCZYC1YT\sh44[1].html moved successfully.

Registry entries deleted on Reboot...
 