GeekPolice

Internet Security 2010 yeah


Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 8:19 pm

Has Combofix completed its run? If so, post the log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 8:22 pm

No, didn't know if that was what you wanted. Doing it right now.

tonydandre
Banned

Posts : 129
Joined : 2010-01-05
OS : windows xp
Points : 27357
# Likes : 0

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 8:23 pm

Okay.


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 8:31 pm

Ran Combofix and it said open with which program, and I clicked Notepad, but it's a bunch of text, not like the others. What do I do, and should I have Spyware Doctor running?

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 8:32 pm

Close Spyware Doctor. Combofix opens with the "open with" window?

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up; press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Try running Combofix now.


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 8:51 pm

My computer is slowing down and loading your last message with exe. app.

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 8:52 pm

Got exeHelper from this computer; be back with the log.

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:14 pm

exeHelper made a log, saved it. But I ran Combofix and was going to reboot, but it said these real-time scanners, close before you hit OK, or something of that nature:
spywaredoctor 7
2avgantivirus
What now?

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 9:15 pm

You need to disable AVG and Spyware Doctor. Read my instructions in my post on page 1; it has info on disabling your AV.
[You must be registered and logged in to see this link.]


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:19 pm

Sorry, here's the log for exe. Just keep running up and down the stairs; good workout though.

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:19 pm

exeHelper by Raktor
Build 20091220
Run at 16:07:00 on 01/08/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 9:21 pm

Thanks.
exeHelper just resets the file association for exe files, to fix the "run with..." box so you can run Combofix.
Standing by for the log file.


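A way to verify the settings that the exeHelper log above says it resets (the .exe and .com file associations, and the Winlogon userinit and shell values), as an added example that is not part of the original thread and is not exeHelper's own code. It assumes the input is the text of a .reg export and compares string values against stock Windows XP defaults; the function names and the sample export are constructed for this example.

```python
import re

# Stock Windows XP defaults for the settings exeHelper's log says it resets.
# Assumption of this example: input is the text of a .reg export; only string
# (REG_SZ) values are parsed, other value types are skipped.
OPEN_CMD = '"%1" %*'
CLASS_DEFAULTS = [
    (r".exe", "exefile"),
    (r".com", "comfile"),
    (r"exefile\shell\open\command", OPEN_CMD),
    (r"comfile\shell\open\command", OPEN_CMD),
]
# HKCR is a merged view: a per-user entry under HKCU overrides the machine one,
# so all three locations are checked.
CLASS_ROOTS = [
    r"HKEY_CLASSES_ROOT",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    r"HKEY_CURRENT_USER\Software\Classes",
]
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    # In .reg strings a backslash protects the character that follows it.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {(key_lowercase, value_name_lowercase): data}; '' is (Default)."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = STRING_VALUE.match(line)
        if m and key is not None:
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1]).lower()
            values[(key, name)] = unescape(m.group(2))
    return values


def audit(values, system_root=r"C:\WINDOWS"):
    """Return a list of (key, value name, found, expected) for every mismatch."""
    findings = []
    for root in CLASS_ROOTS:
        for suffix, want in CLASS_DEFAULTS:
            key = root + "\\" + suffix
            got = values.get((key.lower(), ""))
            # A value absent from the export cannot redirect anything; skip it.
            if got is not None and got.strip().lower() != want.lower():
                findings.append((key, "(Default)", got, want))

    shell = values.get((WINLOGON.lower(), "shell"))
    if shell is not None and shell.strip().lower() != "explorer.exe":
        findings.append((WINLOGON, "Shell", shell, "Explorer.exe"))

    userinit = values.get((WINLOGON.lower(), "userinit"))
    want_ui = system_root + r"\system32\userinit.exe"
    if userinit is not None:
        # The stock value ends with a comma; any extra entry also runs at logon.
        entries = [p.strip().lower() for p in userinit.split(",") if p.strip()]
        if entries != [want_ui.lower()]:
            findings.append((WINLOGON, "Userinit", userinit, want_ui + ","))
    return findings


# Constructed sample export (not taken from the thread): a per-user .exe
# association that differs from the default and an extra Userinit entry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\EXAMPLE\\placeholder.exe,"
'''

if __name__ == "__main__":
    for key, name, found, expected in audit(parse_reg(SAMPLE_REG)):
        print(f"{key} [{name}]: found {found!r}, expected {expected!r}")
```
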

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:22 pm

If to do it upstairs to get your disable AV link, might be a min.

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:36 pm

Both computers won't go to that link. Can you copy and paste, or just tell me how to do it?

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 9:37 pm

Both computers won't go to the bleepingcomputer link?


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:40 pm

Now it will load your site, but it has the green 3 bars for wifi, but it goes away when I try that site.

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 9:44 pm

Re-run OTL and post OTL.txt only.


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:47 pm

OK, be back.

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:56 pm

OTL logfile created on: 1/8/2010 4:48:03 PM - Run 2
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Documents and Settings\Steve Collins\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.86 Gb Total Space | 39.31 Gb Free Space | 74.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON1150
Current User Name: Steve Collins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/08 16:08:05 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\32788R22FWJFW\cmd.cfxxe
PRC - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 06:00:00 | 00,093,184 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\yavayusa.dll
MOD - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
MOD - [2009/12/13 00:47:25 | 00,081,920 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/12 23:49:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 21:16:36 | 00,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009/01/18 08:13:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/03 07:11:35 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/12/20 20:54:34 | 00,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/30 15:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2004/02/20 17:14:04 | 00,045,056 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (WLTRYSVC)
SRV - [2004/01/06 11:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2009/11/20 14:56:02 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/01/18 08:14:02 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean)
DRV - [2009/01/18 08:13:44 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 07:12:22 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/04/03 07:12:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/04/03 07:11:40 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys -- (AvgTdi)
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/06/16 13:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2005/04/01 11:43:02 | 00,066,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EAPPkt.sys -- (EAPPkt)
DRV - [2005/03/31 07:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/18 01:28:33 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2005/02/18 01:16:15 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 01:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/11/15 16:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/09/23 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys -- (usbser)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/05/13 20:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/03/19 11:54:24 | 00,038,912 | R--- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys -- (P2k)
DRV - [2004/02/20 17:13:50 | 00,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/02 11:44:22 | 00,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 06:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [kimatobobo] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: parker.com ([polprod] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} [You must be registered and logged in to see this link.] (mhLabel Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} [You must be registered and logged in to see this link.] (Hotmail Attachments Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dllget\flashplayer\current\polarbear\ultrashim.cab File not found
O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\System32\mshlps.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 16:48:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/08 16:48:04 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/08 16:08:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/08 14:39:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/08 13:16:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 12:23:02 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/08 10:26:00 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (3) of TASKMGR.EXE
[2010/01/08 10:25:13 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iexplore.EXE
[2010/01/08 10:23:15 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy of TASKMGR.EXE
[2010/01/05 18:06:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/05 18:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/05 18:06:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 18:05:48 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/05 16:16:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/05 16:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/01/05 14:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/05 13:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Threat Expert
[2010/01/05 13:04:18 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/05 13:04:18 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/05 13:04:18 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/05 13:04:10 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/05 13:03:54 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/05 13:03:54 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/05 13:03:46 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/05 13:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/30 01:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/12/29 20:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Temp
[2009/12/24 14:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\Absolute Poker
[2009/12/24 14:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\Absolute Poker
[2009/12/24 14:54:51 | 00,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2009/12/23 14:19:53 | 10,832,920 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 02:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\SLOT
[2009/12/17 01:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/17 00:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\tonys stuff
[2009/12/13 06:27:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/12/12 23:50:52 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:50:52 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:50:52 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/11 03:01:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit
[2009/12/11 03:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\BS_Player
[2009/12/11 03:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\BS_Player
[2009/12/11 03:01:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer Pro
[2009/12/11 03:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer
[2009/12/11 03:00:57 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh
[2009/12/10 16:39:10 | 00,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2009/12/06 16:57:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/06 14:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/02/23 16:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\yavayusa.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\raripizu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\norefose.dll
[2010/01/08 16:53:51 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 16:35:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2010/01/08 16:29:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 16:29:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/08 16:03:54 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ugvmnwsy.job
[2010/01/08 15:51:46 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/08 15:15:15 | 03,819,182 | R--- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\ComboFix.exe
[2010/01/08 14:58:08 | 00,000,419 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/08 14:58:08 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/08 14:30:19 | 00,001,092 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 11:34:51 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/08 10:11:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/08 10:09:39 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/08 10:09:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 10:09:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/08 10:09:20 | 53,519,1552 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 08:48:43 | 05,578,752 | ---- | M] () -- C:\Documents and Settings\Steve Collins\ntuser.dat
[2010/01/08 08:48:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steve Collins\NTUSER.INI
[2010/01/08 01:00:17 | 00,002,599 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/07 20:35:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2010/01/07 16:15:48 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/05 16:17:01 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/05 16:16:58 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 13:03:49 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/03 21:18:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/31 17:42:19 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\IconCache.db
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 01:22:15 | 00,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 21:06:28 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/29 20:34:47 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 19:56:06 | 00,001,536 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\NO$GBA.INP
[2009/12/29 09:26:19 | 05,141,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/12/29 09:26:19 | 03,897,344 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/12/24 15:05:27 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:17 | 00,228,840 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/23 14:19:53 | 10,832,920 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 00:09:43 | 00,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2009/12/13 07:25:12 | 00,004,836 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 23:49:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:49:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:49:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/12 20:15:01 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/11 18:30:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D7WK0V61-Steve Collins).job
[2009/12/10 16:46:02 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,093,696 | -HS- | C] () -- C:\WINDOWS\System32\yavayusa.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\raripizu.dll
[2099/01/01 12:00:00 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\norefose.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 15:54:07 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/08 15:40:53 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ugvmnwsy.job
[2010/01/08 15:15:10 | 03,819,182 | R--- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\ComboFix.exe
[2010/01/08 14:58:08 | 00,000,419 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/08 14:58:08 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/07 16:05:28 | 00,002,599 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/05 16:16:59 | 00,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/05 16:16:58 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/05 16:16:57 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 13:04:19 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/05 13:04:18 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/01/05 13:04:18 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/05 13:04:18 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/05 13:04:18 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/01/05 13:04:10 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/05 13:03:54 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/05 13:03:54 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/05 13:03:49 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/05 13:03:46 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/03 21:18:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/30 01:22:15 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 20:34:47 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 20:30:34 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2009/12/29 20:30:33 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2009/12/24 15:05:27 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:11 | 00,228,840 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/13 13:25:05 | 00,609,726 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\102_1633.JPG
[2009/12/12 21:56:47 | 00,004,836 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 20:15:01 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/10 16:46:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/20 14:55:48 | 00,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2009/11/20 14:55:47 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2009/11/18 06:55:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/21 14:42:28 | 00,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/11/20 16:18:03 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2008/11/20 16:17:20 | 00,000,474 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/27 15:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\browser.INI
[2007/06/29 20:04:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/06/29 10:48:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\SPIDERCM.INI
[2007/05/22 18:15:22 | 00,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2007/05/10 20:45:21 | 00,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/05/10 20:45:13 | 00,001,092 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/12 17:56:03 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 13:07:52 | 00,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2005/06/23 02:41:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/23 02:41:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/23 02:41:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/23 02:41:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/23 02:40:26 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/06/20 03:30:10 | 00,000,141 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/26 16:29:19 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2005/02/26 16:17:13 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/26 13:22:07 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\fusioncache.dat
[2005/02/24 19:19:15 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/02/24 18:31:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/23 21:06:10 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2005/02/23 18:20:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/23 16:07:51 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Application Data\QSPMShare
[2005/02/18 01:31:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/18 01:21:40 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/18 01:13:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/02/18 00:23:14 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2001/09/17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 9:58 pm

posted from infected computer.

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 10:02 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    MOD - [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\yavayusa.dll
    O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
    O4 - HKLM..\Run: [kimatobobo] File not found
    O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL ()
    O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
    O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\SYSTEM32\yavayusa.dll ()
    [2009/12/11 03:01:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit
    [2099/01/01 12:00:00 | 00,093,696 | -HS- | M] () -- C:\WINDOWS\System32\yavayusa.dll
    [2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\raripizu.dll
    [2099/01/01 12:00:00 | 00,039,424 | -HS- | M] () -- C:\WINDOWS\System32\norefose.dll
    [2010/01/08 16:53:51 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
    [2010/01/08 16:03:54 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ugvmnwsy.job
    [2010/01/08 14:58:08 | 00,000,419 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
    [2010/01/08 14:58:08 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 10:07 pm

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32617793-570d-47d5-972a-cfabc51ca61a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32617793-570d-47d5-972a-cfabc51ca61a}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kimatobobo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zehuwafob deleted successfully.
C:\WINDOWS\SYSTEM32\yavayusa.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gumosizit deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
File C:\WINDOWS\SYSTEM32\yavayusa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
File C:\WINDOWS\SYSTEM32\yavayusa.dll not found.
C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Conduit folder moved successfully.
File C:\WINDOWS\System32\yavayusa.dll not found.
C:\WINDOWS\SYSTEM32\raripizu.dll moved successfully.
C:\WINDOWS\SYSTEM32\norefose.dll moved successfully.
C:\WINDOWS\SYSTEM32\wijokipo moved successfully.
C:\WINDOWS\tasks\ugvmnwsy.job moved successfully.
C:\WINDOWS\SYSTEM32\uses32.dat moved successfully.
C:\WINDOWS\SYSTEM32\flags.ini moved successfully.

OTL by OldTimer - Version 3.1.21.2 log created on 01082010_170545

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 10:12 pm

Hello.
Delete this folder:
C:\32788R22FWJFW

Try re-running Combofix.


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 10:14 pm

how

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 10:15 pm

To delete the folder? Right click on it, select "delete".

Now double click on Combofix and try running it.


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 10:28 pm

can't find that file, did a search

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 10:37 pm

Hmm, okay, re-run OTL one more time, I wanna see if that vundo module file is gone.


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 10:38 pm

ok

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 10:56 pm

OTL logfile created on: 1/8/2010 5:39:28 PM - Run 3
OTL by OldTimer - Version 3.1.21.2 Folder = C:\Documents and Settings\Steve Collins\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 216.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.86 Gb Total Space | 39.32 Gb Free Space | 74.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON1150
Current User Name: Steve Collins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
MOD - [2009/12/13 00:47:25 | 00,081,920 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/12 23:49:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/24 21:16:36 | 00,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009/01/18 08:13:50 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/03 07:11:35 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2005/12/20 20:54:34 | 00,323,584 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/30 15:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2004/02/20 17:14:04 | 00,045,056 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (WLTRYSVC)
SRV - [2004/01/06 11:47:06 | 00,327,792 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2009/11/20 14:56:02 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/01/18 08:14:02 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean)
DRV - [2009/01/18 08:13:44 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 07:12:22 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007/04/03 07:12:22 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/04/03 07:11:40 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys -- (AvgTdi)
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/06/16 13:41:02 | 00,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam)
DRV - [2005/04/01 11:43:02 | 00,066,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EAPPkt.sys -- (EAPPkt)
DRV - [2005/03/31 07:00:08 | 00,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 00,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 00,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 00,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 00,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint)
DRV - [2005/02/18 01:28:33 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2005/02/18 01:16:15 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 01:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/11/15 16:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/09/23 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys -- (usbser)
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/05/13 20:19:22 | 00,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2004/03/19 11:54:24 | 00,038,912 | R--- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys -- (P2k)
DRV - [2004/02/20 17:13:50 | 00,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/01/02 11:44:22 | 00,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 06:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [kimatobobo] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL File not found
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/11/25 20:11:09 | 00,000,000 | ---D | M]
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: parker.com ([polprod] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} [You must be registered and logged in to see this link.] (mhLabel Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} [You must be registered and logged in to see this link.] (Hotmail Attachments Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\System32\yavayusa.dll File not found
O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dllget\flashplayer\current\polarbear\ultrashim.cab File not found
O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\System32\yavayusa.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\System32\mshlps.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 16:48:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/08 16:48:04 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/08 16:08:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/08 14:39:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/08 13:16:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 12:23:02 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/08 10:26:00 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy (3) of TASKMGR.EXE
[2010/01/08 10:25:13 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iexplore.EXE
[2010/01/08 10:23:15 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy of TASKMGR.EXE
[2010/01/05 18:06:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/05 18:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/05 18:06:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 18:05:48 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/05 16:16:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/05 16:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/01/05 14:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/05 13:39:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Threat Expert
[2010/01/05 13:04:18 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/05 13:04:18 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/05 13:04:18 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/05 13:04:10 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/05 13:03:54 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/05 13:03:54 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/05 13:03:46 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\PC Tools
[2010/01/05 13:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/05 13:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/30 01:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/12/29 20:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\Temp
[2009/12/24 14:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\Absolute Poker
[2009/12/24 14:55:00 | 00,000,000 | ---D | C] -- C:\Program Files\Absolute Poker
[2009/12/24 14:54:51 | 00,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2009/12/23 14:19:53 | 10,832,920 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 02:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\SLOT
[2009/12/17 01:03:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/17 00:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Desktop\tonys stuff
[2009/12/13 06:27:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/12/12 23:50:52 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:50:52 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:50:52 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:50:52 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/11 03:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\BS_Player
[2009/12/11 03:01:20 | 00,000,000 | ---D | C] -- C:\Program Files\BS_Player
[2009/12/11 03:01:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer Pro
[2009/12/11 03:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Collins\Application Data\BSplayer
[2009/12/11 03:00:57 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh
[2009/12/10 16:39:10 | 00,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2009/12/06 16:57:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/06 15:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/06 14:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/02/23 16:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/08 17:48:54 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 17:35:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2010/01/08 17:29:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 17:00:00 | 00,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/08 16:29:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/08 15:51:46 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/08 15:15:15 | 03,819,182 | R--- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\ComboFix.exe
[2010/01/08 14:30:19 | 00,001,092 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/08 13:07:36 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Collins\Desktop\OTL.exe
[2010/01/08 11:34:51 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/08 10:11:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/08 10:09:39 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/08 10:09:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 10:09:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/08 10:09:20 | 53,519,1552 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 08:48:43 | 05,578,752 | ---- | M] () -- C:\Documents and Settings\Steve Collins\ntuser.dat
[2010/01/08 08:48:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steve Collins\NTUSER.INI
[2010/01/08 01:00:17 | 00,002,599 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/07 20:35:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2010/01/07 16:15:48 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve Collins\Desktop\iexplore.exe
[2010/01/05 16:16:58 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 13:03:49 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/03 21:18:16 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/31 17:42:19 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\IconCache.db
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 01:22:15 | 00,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 21:06:28 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/29 20:34:47 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 19:56:06 | 00,001,536 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\NO$GBA.INP
[2009/12/29 09:26:19 | 05,141,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/12/29 09:26:19 | 03,897,344 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/12/24 15:05:27 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:17 | 00,228,840 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/23 14:19:53 | 10,832,920 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\Steve Collins\Desktop\ashampoo_winoptimizer_2010_advanced_6[1].50_6644.exe
[2009/12/17 00:09:43 | 00,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2009/12/13 07:25:12 | 00,004,836 | ---- | M] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 23:49:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/12 23:49:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/12 23:49:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/12 23:49:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/12 20:15:01 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/11 18:30:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D7WK0V61-Steve Collins).job
[2009/12/10 16:46:02 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/08 17:14:27 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 15:54:07 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/08 15:15:10 | 03,819,182 | R--- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\ComboFix.exe
[2010/01/07 16:05:28 | 00,002,599 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\HiJackThis.lnk
[2010/01/05 16:16:59 | 00,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/05 16:16:58 | 00,000,394 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/05 16:16:57 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/05 13:04:19 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/05 13:04:18 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/01/05 13:04:18 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/05 13:04:18 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/05 13:04:18 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/01/05 13:04:10 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/05 13:03:54 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/05 13:03:54 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/05 13:03:49 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/05 13:03:46 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/03 21:18:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/03 21:18:16 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/30 01:22:15 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\One-Click-Optimizer.lnk
[2009/12/30 01:22:15 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ashampoo WinOptimizer 2010 Advanced.lnk
[2009/12/29 23:57:38 | 00,002,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\1229 new.bsl
[2009/12/29 20:34:47 | 00,002,344 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Google Chrome.lnk
[2009/12/29 20:30:34 | 00,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006UA.job
[2009/12/29 20:30:33 | 00,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2431532243-2449587419-2770306861-1006Core.job
[2009/12/24 15:05:27 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\Absolute Poker.lnk
[2009/12/24 14:53:50 | 00,002,955 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\new@1.bsl
[2009/12/24 14:47:11 | 00,228,840 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\AbsolutePoker_Setup.exe
[2009/12/13 13:25:05 | 00,609,726 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\102_1633.JPG
[2009/12/12 21:56:47 | 00,004,836 | ---- | C] () -- C:\Documents and Settings\Steve Collins\My Documents\links to It's Always Sunny In Philadelphia.rtf
[2009/12/12 20:15:01 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\BS.Player FREE.lnk
[2009/12/10 16:46:02 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/20 14:55:48 | 00,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2009/11/20 14:55:47 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2009/11/18 06:55:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/21 14:42:28 | 00,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/11/20 16:18:03 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2008/11/20 16:17:20 | 00,000,474 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/27 15:23:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\browser.INI
[2007/06/29 20:04:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/06/29 10:48:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\SPIDERCM.INI
[2007/05/22 18:15:22 | 00,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2007/05/10 20:45:21 | 00,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/05/10 20:45:13 | 00,001,092 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/12 17:56:03 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 13:07:52 | 00,045,056 | R--- | C] () -- C:\Program Files\SetAttrib.exe
[2005/06/23 02:41:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/23 02:41:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/23 02:41:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/23 02:41:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/23 02:41:00 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/23 02:40:26 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005/06/20 03:30:10 | 00,000,141 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/26 16:29:19 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll
[2005/02/26 16:17:13 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/26 13:22:07 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Local Settings\Application Data\fusioncache.dat
[2005/02/24 19:19:15 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/02/24 18:31:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/23 21:06:10 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2005/02/23 18:20:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/23 16:07:51 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Application Data\QSPMShare
[2005/02/18 01:31:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/18 01:21:40 | 00,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/18 01:13:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/02/18 00:23:14 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 22:49:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2001/09/17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

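An added example, not part of the original posts and not OTL's own logic: a Python triage pass over OTL file-listing lines such as those in the report above. The sample lines are copied from that report; the scoring rules, the threshold, reading `H` as the hidden attribute, and using the newest timestamp as the scan time are all assumptions made for illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Lines copied from the OTL report above (the first is from the "modified" list).
SAMPLE_LOG = r"""
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2010/01/08 17:14:27 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\wijokipo
[2010/01/08 15:54:07 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Steve Collins\Desktop\exeHelper.com
[2010/01/03 21:18:16 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/18 06:55:16 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
< End of report >
"""

# [timestamp | size | attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified
    company: str
    path: str


def parse_entries(text):
    """Parse file-listing lines; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"].strip(),
        ))
    return entries


def reasons(entry, scan_time, recent_days=14):
    """Return the (assumed) heuristics this entry trips."""
    why = []
    if not entry.company:
        why.append("no company name")
    if ntpath.dirname(entry.path).lower() == r"c:\windows\system32":
        why.append("directly in System32")
    if "H" in entry.attrs:
        why.append("hidden attribute")
    if not ntpath.splitext(entry.path)[1]:
        why.append("no file extension")
    if timedelta(0) <= scan_time - entry.when <= timedelta(days=recent_days):
        why.append("recent timestamp")
    return why


def triage(text, threshold=4, recent_days=14):
    """Return (path, reasons) for entries tripping >= threshold heuristics."""
    entries = parse_entries(text)
    if not entries:
        return []
    scan_time = max(e.when for e in entries)  # assumption: newest entry ~ scan time
    flagged = []
    for e in entries:
        why = reasons(e, scan_time, recent_days)
        if len(why) >= threshold:
            flagged.append((e.path, why))
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG):
        print(path, "->", ", ".join(why))
```

A hit here is a prompt for manual review, not a verdict; plenty of legitimate files trip one or two of these rules.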

Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 11:01 pm

Sorry, it looked like it did not go to the page on the other computer.


Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 11:02 pm

Hello.
Okay, one more time.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Development Kit 5.0 Update 4
    LimeWire 4.6.0
    Viewpoint Media Player

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {32617793-570d-47d5-972a-cfabc51ca61a} - File not found
    O4 - HKLM..\Run: [kimatobobo] File not found
    O4 - HKLM..\Run: [zehuwafob] C:\WINDOWS\System32\yavayusa.DLL File not found
    O21 - SSODL: gumosizit - {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - C:\WINDOWS\System32\yavayusa.dll File not found
    O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dllget\flashplayer\current\polarbear\ultrashim.cab File not found
    O22 - SharedTaskScheduler: {0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} - kupuhivus - C:\WINDOWS\System32\yavayusa.dll File not found
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell - "" = AutoRun
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\mshlps.dll) - C:\WINDOWS\System32\mshlps.dll File not found
    [2010/01/08 17:48:54 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\wijokipo


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 11:04 pm

I don't use it. I will take it off. Tell me how, regular delete?


Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 11:21 pm

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32617793-570d-47d5-972a-cfabc51ca61a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32617793-570d-47d5-972a-cfabc51ca61a}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kimatobobo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zehuwafob deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gumosizit deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SwUpdate deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{009541A0-3B00-1F1C-00F3-040224001C01}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
File E:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\AppSecDll:C:\WINDOWS\system32\mshlps.dll deleted successfully.
C:\WINDOWS\SYSTEM32\wijokipo moved successfully.

OTL by OldTimer - Version 3.1.21.2 log created on 01082010_181537

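An added example, not part of the original posts and not OTL's own code: a Python pass that reconciles the outcomes in a fix log like the one above, so a repeated "not found" that follows a successful delete is told apart from a target that was absent every time the fix tried it. The lines in `FIX_LOG` are a subset copied from that log; the status names `removed` and `absent` are labels chosen here.

```python
import re
from collections import OrderedDict

# Subset of lines copied from the OTL fix log posted above.
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kimatobobo deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c89b3f5-c97a-419f-a0b1-bd1a3e72c7f0}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c0009e-e2bb-11de-b514-000b7d199291}\ not found.
File E:\LaunchU3.exe not found.
C:\WINDOWS\SYSTEM32\wijokipo moved successfully.
"""

# "<kind> <target> <outcome>." where kind is optional (moved files have none).
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File) )?"
    r"(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def reconcile(text):
    """Map each distinct target to its outcomes and a final status.

    final is "removed" if any attempt succeeded, otherwise "absent"
    (every attempt on that target reported "not found").
    """
    targets = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner lines, blanks, version footer
        kind = m["kind"] or "File"
        key = (kind, m["target"].lower())  # registry and NTFS paths are case-insensitive
        rec = targets.setdefault(
            key, {"kind": kind, "target": m["target"], "outcomes": []}
        )
        rec["outcomes"].append(m["outcome"])
    for rec in targets.values():
        succeeded = any(o != "not found" for o in rec["outcomes"])
        rec["final"] = "removed" if succeeded else "absent"
    return list(targets.values())


def by_status(text, status):
    """Return the targets whose final status equals `status`."""
    return [r["target"] for r in reconcile(text) if r["final"] == status]


if __name__ == "__main__":
    for rec in reconcile(FIX_LOG):
        print(f'{rec["final"]:8} {rec["kind"]:15} {rec["target"]}')
```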

Re: Internet Security 2010 yeah

Post by Belahzur on Fri Jan 08, 2010 11:23 pm

Okay, re-run Hijack This now and post a new Hijack This log.



Re: Internet Security 2010 yeah

Post by tonydandre on Fri Jan 08, 2010 11:54 pm

Is that it?


Re: Internet Security 2010 yeah

Post by Belahzur on Sat Jan 09, 2010 1:33 am

Hopefully.



Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 1:40 am

It works, but should I restart, and what freeware AV do you think would help me not do this all over again? Thanks.


Re: Internet Security 2010 yeah

Post by Belahzur on Sat Jan 09, 2010 1:42 am

We're not at that point yet, I'll post some recommendations once I check this final log. :)



Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 5:19 pm

Hi, my uncle was on his computer last night. I left and went to my friend's,
and my grandpa restarted the computer, and I came in this morning and tried a start up and it keeps saying

THE LOGON USER INTERFACE DLL FAILED TO LOAD

CONTACT YOUR SYSTEM ADMINISTRATOR TO REPLACE THE DLL OR RESTORE THE DLL OR RESTORE THE ORIGINAL DLL.

{RESTART}

I HIT RESTART AND THE SAME THING KEEPS COMING UP IS THAT BAD CAN YOU FIX IT IM SO IN YOUR Gratitude. WAIT FOR INSTRUCTIONS.


Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 6:08 pm

And last night I was unable to see any new post that I posted or you posted on the website.


Re: Internet Security 2010 yeah

Post by Belahzur on Sat Jan 09, 2010 7:09 pm

Do you have your XP disc?



Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 7:12 pm

no


Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 7:12 pm

I have a 4GB Cruzer stick, can I download it?


Re: Internet Security 2010 yeah

Post by Belahzur on Sat Jan 09, 2010 7:18 pm

No, we may need to do a repair install because of the malware damage. If the worst comes to the worst, a format may be needed.



Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 7:19 pm

OK, how do you do that?


Re: Internet Security 2010 yeah

Post by Origin on Sat Jan 09, 2010 7:57 pm

Do this for the moment:

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download The Avira AntiVir Rescue System from [You must be registered and logged in to see this link.].
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.


Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.


Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.


Then please start the scan.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31443
# Likes : 0


Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 8:17 pm

Downloading now, CD or DVD? Sorry, my little cousin's on this computer, try to come back every 30 min, he's playing around, can't just kick him off.


Re: Internet Security 2010 yeah

Post by Origin on Sat Jan 09, 2010 8:22 pm

Alright reply back once you have done the scan.



Back to top Go down

Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 8:31 pm

If you fix this I will donate. You take PayPal?


Re: Internet Security 2010 yeah

Post by tonydandre on Sat Jan 09, 2010 8:50 pm

It sounds like it's reading the disc but nothing happens. Anything else?
