Malware Defense Removal


Post by DNoble on Fri Jan 22, 2010 6:30 am

Hi there,
I've tried Spydoctor, Malbytes, Zilla something, Pareto, and a couple of others. They won't even run. In safe mode, my keyboard refuses to work. I'm getting tons of shit popping up, all since Malware Defense showed up today. I'm at my wit's end!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:32 AM, on 22/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\extrac64_cab.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\winhlp64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\Installer.exe
C:\Documents and Settings\Wayne Noble\My Documents\Downloads\HJTInstall.exe
C:\Documents and Settings\Wayne Noble\My Documents\Downloads\HJTInstall.exe
C:\Documents and Settings\Wayne Noble\My Documents\Downloads\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: searchersmart search enhancer - {94082E2E-49C0-C862-8BCC-8E49D550DF45} - C:\WINDOWS\system32\bcnxmsgqqbuefv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\extrac64_cab.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg SchedulerV2.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg SchedulerV2.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - [You must be registered and logged in to see this link.]
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8F40B61-B4B5-4A75-A39C-E26A7929A67E}: NameServer = 10.4.40.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Helodrmkipbd - Google - (no file)
O23 - Service: Helodrmkipbd - Google - (no file)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

--
End of file - 14253 bytes


I'm hoping I'm doing this correctly. Please help!!


Re: Malware Defense Removal

Post by Belahzur on Fri Jan 22, 2010 10:29 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    O2 - BHO: searchersmart search enhancer - {94082E2E-49C0-C862-8BCC-8E49D550DF45} - C:\WINDOWS\system32\bcnxmsgqqbuefv.dll (file missing)
    O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\extrac64_cab.exe
    O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
    O23 - Service: Helodrmkipbd - Google - (no file)
    O23 - Service: Helodrmkipbd - Google - (no file)


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


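Added example, not part of the thread and not code from HijackThis: a short Python script that mechanises the reading Belahzur applied to the log above. It takes a handful of lines constructed from the posted log (the benign Adobe, Symantec and Bonjour entries left in for contrast) and flags the kinds of entry a helper looks at first: targets that no longer exist on disk, autostarts launching from a Temp directory, names matching the rogue products this thread deals with, and Winsock LSP lines, which are safer to handle with an LSP-aware tool because a careless removal breaks networking. The watchlist of rogue names and the heuristics are assumptions for illustration, not a vendor signature set.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in this thread,
# with benign entries kept in for contrast. Embedded so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: searchersmart search enhancer - {94082E2E-49C0-C862-8BCC-8E49D550DF45} - C:\WINDOWS\system32\bcnxmsgqqbuefv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [extrac64_cab.exe] C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\extrac64_cab.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Helodrmkipbd - Google - (no file)
"""

# Section tag ("R0", "O4", "O23") and the rest of the line.
LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# Autostarts and browser helpers have no business living in a Temp directory.
TEMP_DIR = re.compile(r"\\temp\\", re.I)
# Rogue "security" products named in this thread (constructed watchlist;
# a real one would be far longer and kept up to date).
ROGUE_NAMES = ("malware defense", "antivirus plus")


def classify(line):
    """Return the reasons a HijackThis line deserves attention; [] means it looks benign."""
    m = LINE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    lowered = body.lower()
    reasons = []
    if "(file missing)" in lowered or "(no file)" in lowered:
        reasons.append("target file missing: orphaned or half-removed entry")
    if TEMP_DIR.search(body):
        reasons.append("launches from a Temp directory, where legitimate autostarts do not live")
    if any(name in lowered for name in ROGUE_NAMES):
        reasons.append("name matches a known rogue security product")
    if sec == "O10":
        reasons.append("Winsock LSP entry: removing it carelessly breaks networking, handle with an LSP-aware tool")
    return reasons


def triage(log_text):
    """Map each suspicious line to its reasons; exact duplicates collapse into one entry."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and line not in findings:
            reasons = classify(line)
            if reasons:
                findings[line] = reasons
    return findings


if __name__ == "__main__":
    for flagged, reasons in triage(SAMPLE_LOG).items():
        print(flagged)
        for reason in reasons:
            print("   ->", reason)
```

Run as-is it reports five lines and stays quiet on the three benign ones; the two identical O10 lines collapse into a single finding. The same rules extend directly to the O4 Startup-folder and O16 ActiveX lines in the full log.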

Re: Malware Defense Removal

Post by DNoble on Fri Jan 22, 2010 11:53 pm

My computer refuses to open the Malwarebytes exe file. It thinks for a moment, then nothing happens?


Re: Malware Defense Removal

Post by Belahzur on Sat Jan 23, 2010 1:41 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.



Re: Malware Defense Removal

Post by DNoble on Sat Jan 23, 2010 2:08 am

ComboFix is not working. In fact now there's something else on my computer,
Anti Virus plus, and everything is totally f*** up....
I tried to find combofix other places, but it generally blocked me at every turn.
I'm very confused, and angry, and AHHHHHHH!


Re: Malware Defense Removal

Post by Belahzur on Sat Jan 23, 2010 11:00 pm

Try this instead.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: Malware Defense Removal

Post by DNoble on Sun Jan 24, 2010 12:59 am

It won't let me access that either. I think I'm f***.
Is there any way to prevent the virus from preventing me?
It says it can't find it or it redirects me to something totally useless.


Re: Malware Defense Removal

Post by Belahzur on Sun Jan 24, 2010 1:11 am

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the startup menu, select "Safe Mode with Networking", then try downloading OTL in Safe Mode.



Re: Malware Defense Removal

Post by DNoble on Sun Jan 24, 2010 3:22 am

Okay, so I downloaded a Zip file, not from your source, because I couldn't make it work.
I opened it in Winzip and there's a million files, mostly HTMLs but no exe.
I take it this might not be right.
Do you have another source for OTL.exe?


Re: Malware Defense Removal

Post by DNoble on Sun Jan 24, 2010 3:24 am

By the way, I should say that you guys rock.
I can't tell you how appreciative I am.
If this works, and you guys happen to live in Montreal, I'm buying you beers.


Re: Malware Defense Removal

Post by Belahzur on Sun Jan 24, 2010 5:49 pm

Will Combofix work in Safe Mode? Did you try that?



Re: Malware Defense Removal

Post by DNoble on Sun Jan 24, 2010 8:55 pm

It says it can't open the file, the file is infected, and asks me to activate my antivirus software.
Do I need to deactivate something first? Unfortunately the link you put up to deactivate my AV doesn't work. It's blocked.


Re: Malware Defense Removal

Post by Belahzur on Sun Jan 24, 2010 11:46 pm

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?



Re: Malware Defense Removal

Post by DNoble on Mon Jan 25, 2010 5:13 pm

I downloaded it, it won't open: error code 1073741762


Re: Malware Defense Removal

Post by Belahzur on Mon Jan 25, 2010 9:30 pm

Please rename OTL to winlogon and see if it will run.



Re: Malware Defense Removal

Post by DNoble on Mon Jan 25, 2010 9:59 pm

OTL didn't run, couldn't download it. But now I'm out of safe mode, it SEEMS like ice sword is working.
IF it is, what should I do?


Re: Malware Defense Removal

Post by Belahzur on Mon Jan 25, 2010 10:14 pm

Hello.

  • Now, on the left hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.



Re: Malware Defense Removal

Post by DNoble on Mon Jan 25, 2010 10:53 pm

Process:

System Idle Process
System
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\smss.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\SYSTEM32\smss32.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en\IceSword.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\umonit.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\smss.exe
C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
C:\Program Files\WinZip\WZQKPICK.EXE
and then.....
Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DwlClient
c:\Program Files\Common Files\Dell\EUSW\Support.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdateManager
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCMService
"C:\Program Files\Dell\Media Experience\PCMService.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Omnipage
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IntelMeM
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HotKeysCmds
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DVDSentry
C:\WINDOWS\System32\DSentry.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dla
C:\WINDOWS\system32\dla\tfswctrl.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UMonit
C:\WINDOWS\system32\umonit.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
osCheck
"C:\Program Files\Norton Internet Security\osCheck.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AppleSyncNotifier
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LifeCam
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
VX3000
C:\WINDOWS\vVX3000.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISTray
"C:\Program Files\Spyware Doctor\pctsTray.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ParetoLogic Anti-Virus PLUS
"C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
net
"C:\WINDOWS\system32\net.net"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AntiVirus Plus
"C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Administrator.DBQMM051\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
smss32.exe
C:\WINDOWS\system32\smss32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Eyale
rundll32.exe "C:\WINDOWS\enokawasaxoveseb.dll",Startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
updateMgr
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AntiVirus Plus
"C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Administrator.DBQMM051\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
asg984jgkfmgasi8ug98jgkfgfb
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\smss.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AntiVirus Plus.lnk
C:\WINDOWS\SYSTEM32\rundll32.exe (Remark: )

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Corel MEDIA FOLDERS INDEXER 8.LNK
C:\Corel\Graphics8\Programs\MFIndexer.exe (Remark: Corel MEDIA FOLDERS INDEXER 8)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DESKTOP.INI


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EPSON Status Monitor 3 Environment Check 2.lnk
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (Remark: )

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk
C:\Program Files\WinZip\WZQKPICK.EXE (Remark: WinZip Quick Pick)

C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup
AntiVirus Plus.lnk
C:\WINDOWS\SYSTEM32\rundll32.exe (Remark: )

C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup
DESKTOP.INI


C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup
Picture Motion Browser Media Check Tool.lnk
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Remark: Picture Motion Browser Media Check Tool)

C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup
PowerReg SchedulerV2.exe

DNoble
Novice

Posts : 45
Joined : 2010-01-22
OS : Windows XP
Points : 25731
# Likes : 0

Re: Malware Defense Removal

Post by DNoble on Fri Jan 29, 2010 11:52 pm

Hey there,
Just wondering if you've had time to look this stuff over?
What should I do next?


Re: Malware Defense Removal

Post by Belahzur on Sat Jan 30, 2010 6:03 pm

Hello.

  • In IceSword, press the Registry button on the bottom left of the program.
  • Drag the middle bar further to the right so you can see the paths.
  • Follow this path to the Run key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  • Left click once on the Run key, then in the right side pane, find the following run values:

    net
    AntiVirus Plus
    smss32.exe
    Eyale

  • Right click each one, hit delete.
  • Now follow the path for the next Run key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • Left click once on the Run key, then in the right side pane, find the following run values:

    AntiVirus Plus
    asg984jgkfmgasi8ug98jgkfgfb

  • Delete the same exact named run values as before.
  • Now reboot normally. Can you run MBAM now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1
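Belahzur picks those Run values out of the startup listing by eye. The script below, added here as an example and not part of this thread or of IceSword, HijackThis or OTL, applies the same kind of triage to that listing format: it flags entries that run from Temp or Application Data, carry random-looking names, imitate core process names, or load a rundll32 DLL from an odd location. The rules, thresholds and function names are this example's assumptions; the sample input is a subset of the listing posted above.

```python
"""Triage heuristics for the startup listing format posted earlier in this thread. Added example
(not IceSword, HijackThis or OTL code): it parses blocks of registry key or Startup folder / value
name / command and flags traits an analyst checks before naming Run values to delete; rules are assumptions."""
import re

# Core Windows process names that malware imitates (smss32.exe, or smss.exe in Temp).
CORE_PROCESS_NAMES = ("smss", "lsass", "csrss", "winlogon", "services", "svchost")
# Directories a legitimate autostart does not normally run from.
USER_WRITABLE_DIRS = re.compile(r"\\(temp|application data|appdata)\\", re.IGNORECASE)
# Extensions that are plausible as the image of a Run value.
RUNNABLE_EXTENSIONS = {"exe", "com", "bat", "cmd", "lnk", "scr"}


def parse_listing(text: str) -> list:
    """Return (location, name, command) tuples; command is "" for entries like DESKTOP.INI."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2:
            continue
        command = lines[2] if len(lines) > 2 else ""
        # Startup-folder lines end in a "(Remark: ...)" annotation that is not part of the command.
        command = re.sub(r"\s*\(Remark.*\)\s*$", "", command)
        entries.append((lines[0], lines[1], command))
    return entries

def split_command(command: str):
    """Return (image, arguments): a quoted image ends at the closing quote, a bare one at the
    first dotted extension followed by whitespace or end, so unquoted paths with spaces work."""
    m = re.match(r'\s*(?:"([^"]+)"|(.+?\.\w+)(?=\s|$))\s*(.*)$', command)
    return ((m.group(1) or m.group(2)), m.group(3)) if m else ("", "")

def looks_random(name: str) -> bool:
    """Long alphanumeric value name with digits mixed in or very few vowels."""
    s = name.lower()
    if len(s) < 12 or not s.isalnum():
        return False
    vowel_ratio = sum(c in "aeiou" for c in s) / len(s)
    return vowel_ratio < 0.25 or any(c.isdigit() for c in s)

def assess(name: str, command: str) -> list:
    """Return one reason per heuristic the entry trips; an empty list means nothing stood out."""
    reasons = []
    image, args = split_command(command)
    base = image.rsplit("\\", 1)[-1].lower()
    stem, _, ext = base.rpartition(".")
    if USER_WRITABLE_DIRS.search(command):
        reasons.append("runs from a temp or profile data directory")
    if looks_random(name):
        reasons.append("random-looking value name")
    if image and ext not in RUNNABLE_EXTENSIONS:
        reasons.append(f"image extension '.{ext}' is not a program type")
    for core in CORE_PROCESS_NAMES:
        if stem.startswith(core) and image.lower() != f"c:\\windows\\system32\\{core}.exe":
            reasons.append(f"imitates core process name '{core}' outside system32")
            break
    if base == "rundll32.exe":
        dll_match = re.match(r'"([^"]+)"|([^,\s]+)', args)
        dll = (dll_match.group(1) or dll_match.group(2)) if dll_match else ""
        if not dll:
            reasons.append("rundll32 launched with no DLL argument")
        elif re.fullmatch(r"c:\\windows\\[^\\]+", dll.lower()):
            reasons.append("rundll32 loads a DLL dropped directly into the Windows directory")
    return reasons

def flag_suspicious(text: str) -> dict:
    """Map each flagged value name to its reasons; clean entries are omitted."""
    return {name: hits for _loc, name, cmd in parse_listing(text) if (hits := assess(name, cmd))}

# Sample input: a subset of the listing posted earlier in this thread.
SAMPLE_LISTING = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
net
"C:\WINDOWS\system32\net.net"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AntiVirus Plus
"C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Administrator.DBQMM051\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
smss32.exe
C:\WINDOWS\system32\smss32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Eyale
rundll32.exe "C:\WINDOWS\enokawasaxoveseb.dll",Startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
asg984jgkfmgasi8ug98jgkfgfb
C:\DOCUME~1\WAYNEN~1\LOCALS~1\Temp\smss.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AntiVirus Plus.lnk
C:\WINDOWS\SYSTEM32\rundll32.exe (Remark: )

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk
C:\Program Files\WinZip\WZQKPICK.EXE (Remark: WinZip Quick Pick)
"""
```

Running `flag_suspicious(SAMPLE_LISTING)` returns exactly the six entries Belahzur names plus the Startup-folder shortcut of the same rogue product, and leaves the WinZip entry alone.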

Re: Malware Defense Removal

Post by DNoble on Sat Jan 30, 2010 11:57 pm

I still can't run it; it freezes during the installation, right when it says "extracting files".
Also, when I try to go into task manager or regedit, it says it has been disabled by the administrator. How do I fix that?


Re: Malware Defense Removal

Post by Belahzur on Sun Jan 31, 2010 2:09 am

Can you try OTL for me please?





Re: Malware Defense Removal

Post by DNoble on Sun Jan 31, 2010 6:03 pm

OTL file
OTL logfile created on: 31/01/2010 12:57:57 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Wayne Noble\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 9.65 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBQMM051
Current User Name: Wayne Noble
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
PRC - [2010/01/22 20:34:39 | 000,147,456 | -HS- | M] (HellFire) -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe
PRC - [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\SYSTEM32\smss32.exe
PRC - [2010/01/08 19:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/12/11 14:00:44 | 013,006,104 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/08/06 10:44:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
PRC - [2005/11/14 08:05:05 | 000,083,456 | R--- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe
PRC - [2005/10/19 07:59:12 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2004/12/17 08:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2004/01/05 08:59:06 | 000,053,248 | ---- | M] (General) -- C:\WINDOWS\SYSTEM32\umonit.exe
PRC - [2003/10/07 16:21:10 | 000,294,912 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/09/26 00:04:00 | 000,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2003/09/03 20:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/26 19:47:34 | 000,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2003/08/13 10:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/06/03 10:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
MOD - [2007/03/08 10:36:28 | 000,140,800 | ---- | M] () -- C:\WINDOWS\enokawasaxoveseb.dll
MOD - [2007/03/08 10:36:28 | 000,037,376 | ---- | M] () -- C:\WINDOWS\kbet70A.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/06/03 10:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Savradm)
SRV - File not found [On_Demand | Stopped] -- -- (Helodrmkipbd)
SRV - [2010/01/17 05:27:20 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/01/08 19:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) [Auto | Running] -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe -- (ZeppelinService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc)
SRV - [2005/01/03 19:22:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [2000/05/24 14:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 16:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\taphss.sys -- (taphss)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vx3000.sys -- (VX3000)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eraserutilrebootdrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\navex15.sys -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\naveng.sys -- (NAVENG)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\symidsco.sys -- (SYMIDSCO)
DRV - [2009/01/09 13:01:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symevent.sys -- (SymEvent)
DRV - [2008/09/15 19:14:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\coh_mon.sys -- (COH_Mon)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\co_mon.sys -- (CO_Mon)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys -- (grmnusb)
DRV - [2006/08/31 12:03:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/10/19 07:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 02:09:58 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mstape.sys -- (MSTAPE)
DRV - [2004/08/04 02:09:58 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV - [2004/08/04 02:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 01:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2004/08/04 01:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2004/08/04 01:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/01/05 09:23:16 | 000,006,016 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fixustor.sys -- (fixustor)
DRV - [2003/11/18 11:38:32 | 000,591,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/09/26 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/09/26 00:04:00 | 000,098,164 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/09/26 00:04:00 | 000,083,572 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/09/26 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/09/26 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/09/26 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/09/26 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/09/26 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/09/26 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/09/19 02:21:00 | 000,084,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/08/11 09:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 10:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/04/15 10:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/08 00:18:49 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Wayne Noble\Local Settings\Temp\ddxgb.sys -- (ddxgb)
DRV - [2002/08/29 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2002/01/24 10:23:40 | 000,013,545 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Stltrk2k.sys -- (Stltrk2k)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\modemcsa.sys -- (MODEMCSA)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvu1.sys -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {4a4f15aa-8569-f02e-7cb6-b10fe045b81c}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {47D99070-1169-4A6B-AA14-DB1810417EF5}:1.9.1
FF - prefs.js..extensions.enabledItems: {3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}:1.9.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{47D99070-1169-4A6B-AA14-DB1810417EF5}: C:\Documents and Settings\Administrator.DBQMM051\Local Settings\Application Data\{47D99070-1169-4A6B-AA14-DB1810417EF5} [2010/01/22 20:09:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} [2010/01/22 20:32:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 03:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 04:19:11 | 000,000,000 | ---D | M]

[2008/12/10 10:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Extensions
[2010/01/22 21:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\extensions
[2009/07/01 14:20:48 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\searchplugins\conduit.xml
[2010/01/30 23:47:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/22 20:06:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{4a4f15aa-8569-f02e-7cb6-b10fe045b81c}
[2010/01/22 20:06:09 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2009/12/05 19:27:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/05 19:27:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/05 19:27:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/05 19:27:10 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\system32\k8efzgigz.dll) - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\SYSTEM32\k8efzgigz.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [Eyale] C:\WINDOWS\enokawasaxoveseb.DLL ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (UiRXgyfcN)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\SYSTEM32\umonit.exe (General)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} [You must be registered and logged in to see this link.] (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} [You must be registered and logged in to see this link.] (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (InstallShield International Setup Player)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} [You must be registered and logged in to see this link.] (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [You must be registered and logged in to see this link.] (CTAdjust Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe (UiRXgyfcN)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\SYSTEM32\k8efzgigz.dll ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/31 00:02:52 | 000,110,953 | ---- | M] () - C:\autoexec.exe -- [ NTFS ]
O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell - "" = AutoRun
O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

DNoble

Re: Malware Defense Removal

Post by DNoble on Sun Jan 31, 2010 6:03 pm

========== Files/Folders - Created Within 30 Days ==========

[2010/01/31 00:24:11 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 22:06:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\PrivacIE
[2010/01/30 22:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\IETldCache
[2010/01/30 21:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/30 21:54:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/30 18:51:50 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 14:51:40 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/01/25 12:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en
[2010/01/22 21:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Desktop\ComboFixT
[2010/01/22 20:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc
[2010/01/22 20:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}
[2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
[2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
[2010/01/22 20:06:02 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\kkalf.exe
[2010/01/22 19:54:02 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/01/22 19:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/22 00:08:13 | 000,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/22 00:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Downloaded Installations
[2010/01/21 23:20:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/21 23:01:03 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/21 23:01:03 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/21 23:00:57 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Application Data\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/21 23:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/21 22:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 21:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/20 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/13 03:33:43 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/21 16:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Hotspot_Shield
[2008/07/10 05:59:27 | 000,642,540 | ---- | C] (Xvid team ) -- C:\Program Files\Xvid-1.1.3-27042008.exe
[2007/12/20 15:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/28 07:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/09/12 13:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/31 12:54:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
[2010/01/31 12:41:03 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/31 12:40:00 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/01/31 12:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
[2010/01/31 12:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
[2010/01/31 11:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
[2010/01/31 11:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
[2010/01/31 11:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
[2010/01/31 10:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
[2010/01/31 10:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
[2010/01/31 10:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
[2010/01/31 09:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
[2010/01/31 09:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
[2010/01/31 09:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
[2010/01/31 08:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
[2010/01/31 08:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
[2010/01/31 08:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
[2010/01/31 07:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
[2010/01/31 07:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2010/01/31 07:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2010/01/31 06:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2010/01/31 06:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2010/01/31 06:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2010/01/31 05:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/01/31 05:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010/01/31 05:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010/01/31 04:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010/01/31 04:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/01/31 04:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010/01/31 03:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/01/31 03:34:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/31 03:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/31 03:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/31 02:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/31 02:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/31 02:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/31 01:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/31 01:31:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/31 01:11:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/31 00:51:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/31 00:33:06 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/31 00:31:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/31 00:10:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/31 00:02:52 | 000,110,953 | ---- | M] () -- C:\autoexec.exe
[2010/01/30 23:50:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/30 23:49:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 23:30:43 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/01/30 23:30:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010/01/30 23:29:30 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/30 23:29:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/30 23:29:13 | 000,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/30 23:28:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/30 23:28:16 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/30 23:14:46 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\ntuser.dat
[2010/01/30 22:03:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Wayne Noble\NTUSER.INI
[2010/01/30 21:58:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 21:07:37 | 000,000,648 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/30 21:07:37 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/30 20:51:15 | 000,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2010/01/30 20:47:31 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/30 19:20:34 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 18:51:51 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 18:30:33 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/30 18:30:32 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/30 16:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/30 14:51:41 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/01/30 12:52:04 | 000,004,286 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/30 12:52:04 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk
[2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/30 12:51:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/29 19:15:13 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\O9I033SIX1.dat
[2010/01/29 18:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19589.exe
[2010/01/29 18:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15281.exe
[2010/01/29 18:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14798.exe
[2010/01/29 17:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19796.exe
[2010/01/29 17:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20580.exe
[2010/01/29 17:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6618.exe
[2010/01/29 16:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13458.exe
[2010/01/29 16:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25200.exe
[2010/01/29 16:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7448.exe
[2010/01/29 15:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9503.exe
[2010/01/29 15:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29314.exe
[2010/01/29 15:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1587.exe
[2010/01/29 14:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30523.exe
[2010/01/29 14:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14343.exe
[2010/01/29 14:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3093.exe
[2010/01/29 13:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20485.exe
[2010/01/29 13:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3195.exe
[2010/01/29 13:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32702.exe
[2010/01/29 12:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14989.exe
[2010/01/29 12:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32609.exe
[2010/01/29 12:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5844.exe
[2010/01/29 11:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11008.exe
[2010/01/29 11:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6224.exe
[2010/01/29 11:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30303.exe
[2010/01/29 10:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22798.exe
[2010/01/29 10:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31556.exe
[2010/01/29 10:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16519.exe
[2010/01/29 09:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5249.exe
[2010/01/29 09:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20600.exe
[2010/01/29 09:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17451.exe
[2010/01/29 08:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18935.exe
[2010/01/29 08:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7616.exe
[2010/01/29 08:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14309.exe
[2010/01/29 07:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9514.exe
[2010/01/29 07:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22813.exe

========== Files Created - No Company Name ==========

[2010/01/22 20:33:06 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/22 20:32:56 | 000,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/22 20:09:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/22 20:09:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/22 20:06:58 | 000,000,648 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/22 20:06:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/22 20:06:45 | 000,118,256 | ---- | C] () -- C:\WINDOWS\System32\7Pb5AGmfE-.exe
[2010/01/22 20:06:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\msa.exe
[2010/01/22 20:06:23 | 000,000,312 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/01/22 20:06:15 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/01/22 20:06:07 | 000,000,001 | ---- | C] () -- C:\s
[2010/01/22 20:06:02 | 000,015,000 | ---- | C] () -- C:\WINDOWS\System32\k8efzgigz.dll
[2010/01/22 20:06:01 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/22 20:05:39 | 000,057,356 | ---- | C] () -- C:\WINDOWS\System32\net.net
[2010/01/22 18:49:24 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:54 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/22 00:08:16 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/22 00:08:15 | 000,000,478 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/22 00:08:15 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/22 00:08:03 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2010/01/21 23:20:59 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/21 23:01:03 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/21 23:01:03 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/21 23:00:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/21 21:50:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/21 21:50:11 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/21 21:50:11 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/01/21 12:24:16 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2009/12/26 00:07:24 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\Dr--iXA0_rR.dll
[2009/02/18 14:43:08 | 000,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2008/08/28 10:03:20 | 000,024,155 | ---- | C] () -- C:\Program Files\orilliapic.jpg
[2008/08/10 12:33:11 | 000,016,190 | ---- | C] () -- C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent
[2008/08/10 12:30:38 | 000,017,276 | ---- | C] () -- C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent
[2008/07/11 10:35:54 | 000,014,006 | ---- | C] () -- C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent
[2008/07/10 08:49:37 | 000,012,732 | ---- | C] () -- C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent
[2008/07/10 06:00:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/10 06:00:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/08 09:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008/03/17 09:02:44 | 000,022,764 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\Microsoft Excel.ADR
[2007/11/18 11:07:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/01 10:16:19 | 000,000,396 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
[2007/03/31 13:22:11 | 000,000,703 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007/03/27 10:54:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/26 13:41:42 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2007/03/26 13:41:42 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\DMAPI.dll
[2006/09/09 16:05:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/04/14 21:30:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006/01/31 14:26:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/01/12 19:51:52 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005/07/15 05:33:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/02/19 09:15:11 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2005/02/09 20:24:56 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2005/02/09 17:24:29 | 003,691,666 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\imageCache.db
[2005/02/09 16:20:49 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2005/01/09 13:19:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/09 16:45:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JPR.{PB
[2004/12/09 16:45:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JCM.{PB
[2004/09/11 15:44:12 | 000,000,613 | ---- | C] () -- C:\WINDOWS\pmontage.ini
[2004/09/11 15:44:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Pm_setup.ini
[2004/09/11 15:43:42 | 000,000,745 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2004/09/11 15:10:20 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson880.ini
[2004/09/09 14:27:04 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/09/09 14:27:04 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7651CD09DA.sys
[2004/07/09 14:41:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/09 14:38:32 | 000,000,184 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2004/07/09 14:27:59 | 000,043,786 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004/07/09 14:23:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2004/07/09 14:23:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2004/07/09 14:23:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2004/07/09 14:23:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2004/07/09 14:22:39 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/07/09 10:32:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\dm.ini
[2004/06/26 07:05:02 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/22 11:23:22 | 000,001,908 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/18 20:48:07 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/06/18 20:37:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/18 20:32:09 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/06/18 20:31:57 | 000,000,123 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/06/09 13:17:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/09 13:09:17 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/06/09 13:08:36 | 000,000,516 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/09 13:04:35 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/09 12:55:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/09 12:55:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/09 12:42:04 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/13 08:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 05:00:00 | 000,140,800 | ---- | C] () -- C:\WINDOWS\enokawasaxoveseb.dll
[2002/08/29 05:00:00 | 000,037,376 | ---- | C] () -- C:\WINDOWS\kbet70A.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Wayne Noble\Desktop\~:SummaryInformation
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

DNoble
Novice
Posts: 45
Joined: 2010-01-22
OS: Windows XP
Points: 25731
Likes: 0
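
The file-creation section above carries the one detail worth extracting mechanically: from 20:33:54 on 22/01 a zero-byte, numerically named .exe is created in System32 every twenty minutes (the :13, :33 and :53 marks), which says the dropper is being re-launched on a schedule and that deleting the files by hand will not hold. As an added example that is not part of the post or of OTL itself, the Python script below parses the OTL record format shown in the log, isolates the zero-byte numeric executables, and reports the dominant interval between them and the first time one appeared. The sample lines are a shortened, constructed copy of the log above.

```python
# Added triage example (not part of the forum post or of OTL itself). It parses
# the OTL "Files Created" record format shown above and flags the pattern in
# that log: zero-byte, numerically named executables re-created in System32
# at a fixed interval. SAMPLE is a constructed, shortened copy of the log.
import re
from collections import Counter
from datetime import datetime

# One OTL file record: [YYYY/MM/DD HH:MM:SS | size | attrs | op] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[A-Z])\] "
    r"\([^)]*\) -- (?P<path>.+)$"
)
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

SAMPLE = r"""
[2010/01/23 09:53:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28703.exe
[2010/01/23 09:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9894.exe
[2010/01/23 09:13:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17035.exe
[2010/01/22 21:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/22 21:13:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/22 20:53:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/22 20:33:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IS15.exe
[2010/01/22 20:33:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010/01/22 20:06:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\msa.exe
"""


def parse_otl(text):
    """Return a list of (datetime, size_bytes, attrs, path) for each OTL file record.
    Section headers, blank lines and ADS entries do not match and are skipped."""
    records = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        size = int(m["size"].replace(",", ""))
        records.append((ts, size, m["attrs"], m["path"]))
    return records


def numeric_zero_byte_droppers(records, directory=r"C:\WINDOWS\System32"):
    """Return sorted (datetime, path) for 0-byte, purely numeric .exe files in `directory`."""
    hits = []
    for ts, size, _attrs, path in records:
        folder, _, name = path.rpartition("\\")
        if size == 0 and folder.lower() == directory.lower() and NUMERIC_EXE.match(name):
            hits.append((ts, path))
    return sorted(hits)


def dominant_interval(timestamps, jitter=10):
    """Most common gap between consecutive events, in seconds rounded to `jitter`
    so a few seconds of scheduler drift still count as the same period.
    Returns (interval_seconds, occurrences); (None, 0) with fewer than two events."""
    ts = sorted(timestamps)
    if len(ts) < 2:
        return None, 0
    gaps = [round((b - a).total_seconds() / jitter) * jitter for a, b in zip(ts, ts[1:])]
    interval, count = Counter(gaps).most_common(1)[0]
    return int(interval), count


def triage(text):
    """Summarise the dropper pattern in one OTL file-creation listing."""
    records = parse_otl(text)
    hits = numeric_zero_byte_droppers(records)
    interval, count = dominant_interval([ts for ts, _ in hits])
    return {
        "records": len(records),
        "droppers": len(hits),
        "first_seen": hits[0][0] if hits else None,
        "interval_s": interval,
        "interval_hits": count,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{result['droppers']} zero-byte numeric executables out of {result['records']} records")
    print(f"first seen {result['first_seen']}, dominant interval {result['interval_s']} s "
          f"({result['interval_hits']} gaps)")
```

Run against the full log the interval comes out at 1200 seconds, which is the number to carry into the next step: look for a scheduled task or a resident process with a twenty-minute timer, because that is what recreates the files.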

Re: Malware Defense Removal

Post by DNoble on Sun Jan 31, 2010 6:04 pm

and Extras
OTL Extras logfile created on: 31/01/2010 12:57:57 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Wayne Noble\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 9.65 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBQMM051
Current User Name: Wayne Noble
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DDB451-69B4-417C-A5A1-470648AB5E38}" = MapSource - MetroGuide Canada v4
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40FC0E46-52DB-0B66-B31B-C9B0F8EE6F51}" = Search Assistant Searchersmart
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4B04C8A6-8282-420B-A9CD-62E68E8A47C2}" = URL.BIZ ip blocker 1.0
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4DEE75B1-B201-4DA3-A50F-007CDB00DA23}" = Microsoft LifeCam
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{580183A6-FF92-11D5-9294-0050BA073EEC}" = Presto! PageManager 6
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DF68560-292A-11D5-99D1-00010256D40E}" = DV Studio3
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80B744FE-8712-4D44-A239-EBB7B8979F7E}" = ParetoLogic Anti-Virus PLUS
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9196D6F6-340D-4D10-A8D4-FCB6AF7DDA25}" = MapCreate U.S.A Hunting w/ Topo 6.3
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53AB16A-8DC1-11D6-B494-008048C29C40}" = USB MMC-SD Reader
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = USB 2.0 MMC/SD Card Reader
"{BC03FCE8-388F-48C0-9600-B53ACB297B5F}" = ArcSoft Software Suite
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C4FE00AF-E29D-4220-B118-0B453F3539E0}" = Garmin TOPO Great Britain v2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E2F46A9E-11FD-47A3-A8B8-73B085BB7EBC}" = SymNet
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"7Pb5AGmfE-" = LoudMo Contextual Ad Assistant
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"BB_is1" = Band-in-a-Box 2005
"Cakewalk Pro Audio 7.0" = Cakewalk Pro Audio 7.0
"Chessmaster 9000" = Chessmaster 9000
"Corel Uninstaller" = Corel Uninstaller
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"Graboid Video" = Graboid Video 1.3
"HijackThis" = HijackThis 2.0.2
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"HotspotShield" = Hotspot Shield 1.37
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{35DDB451-69B4-417C-A5A1-470648AB5E38}" = MapSource - MetroGuide Canada v4
"InstallShield_{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"InstallShield_{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC
"Intel(R) 537EP V9x DFV PCI Modem" = Intel(R) 537EP V9x DFV PCI Modem
"LiveReg" = LiveReg (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"net" = Advertisement Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCFriendly" = PCFriendly
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.3.1
"PhotoMontage 2000" = PhotoMontage 2000
"Power MP3 WMA Converter 1.14" = Power MP3 WMA Converter 1.14
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RegCure" = RegCure
"rvtpznduvtpo" = RON Tool Offersfortoday
"Shockwave" = Shockwave
"Spyware Doctor" = Spyware Doctor 7.0
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/01/2010 9:05:37 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.33.0.1000, faulting
module superantispyware.exe, version 4.33.0.1000, fault address 0x00004387.

Error - 22/01/2010 9:05:48 PM | Computer Name = DBQMM051 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: An internal certificate chaining error has occurred.

Error - 24/01/2010 1:09:52 AM | Computer Name = DBQMM051 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/01/2010 1:09:52 AM | Computer Name = DBQMM051 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/01/2010 1:10:07 AM | Computer Name = DBQMM051 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 26/01/2010 2:13:40 PM | Computer Name = DBQMM051 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/01/2010 2:19:04 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application mfindexer.exe, version 8.232.0.0, faulting module
user32.dll, version 5.1.2600.3099, fault address 0x0001356f.

Error - 30/01/2010 7:41:22 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application mfindexer.exe, version 8.232.0.0, faulting module
user32.dll, version 5.1.2600.3099, fault address 0x0001356f.

Error - 30/01/2010 10:52:41 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 3.3.3302.0, faulting module
unknown, version 0.0.0.0, fault address 0x008c6578.

Error - 30/01/2010 11:59:40 PM | Computer Name = DBQMM051 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, faulting module
enokawasaxoveseb.dll, version 0.0.0.0, fault address 0x0001d4bb.

[ System Events ]
Error - 31/01/2010 12:25:12 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 31/01/2010 12:25:12 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Lic NetConnect
service service to connect.

Error - 31/01/2010 12:25:12 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
P3 Processor

Error - 31/01/2010 12:30:19 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Settings Manager
service to connect.

Error - 31/01/2010 12:30:19 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate Notice service
to connect.

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7000
Description = The Helodrmkipbd service failed to start due to the following error:
%%3

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7000
Description = The Savradm service failed to start due to the following error: %%3

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Lic NetConnect
service service to connect.

Error - 31/01/2010 12:30:20 AM | Computer Name = DBQMM051 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
P3 Processor


< End of report >

DNoble
Novice
Posts: 45
Joined: 2010-01-22
OS: Windows XP
Points: 25731
Likes: 0
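
The two sections of the Extras log above that show tampering directly are Security Center Settings and Shell Spawning. Security Center has FirewallDisableNotify and AntiVirusOverride set to 1 and the global Monitoring\DisableMonitoring set to 1, so Windows will neither warn about missing protection nor monitor for it. The Shell Spawning entries for exefile, comfile, batfile and the rest still carry the default "%1" %*, so program launches are not being proxied through another binary, a hijack some rogue AVs use to run themselves in front of every program. The per-vendor subkeys (SymantecAntiVirus, SymantecFirewall) are normally written by that vendor's own product, which is present in the uninstall list here, so they are informational; the global key and the Override/DisableNotify values are what to reset. As an added example that is not from the post or from OTL, the Python checker below parses both sections and compares them against the XP defaults. SAMPLE is a constructed, shortened copy of the log above; HIJACKED is an invented fragment showing what an interposed launcher would look like.

```python
# Added baseline check (not part of the forum post or of OTL itself) for the
# "Security Center Settings" and "Shell Spawning" sections of an OTL Extras log.
# SAMPLE is a constructed, shortened copy of the log above; HIJACKED is invented
# to show a non-default exefile handler. Path C:\hijack\launcher.exe is made up.
import re

SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>[^"]+)" = (?P<data>.*)$')
SPAWN = re.compile(r"^(?P<cls>\S+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")

SC_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"

# XP SP2 defaults: notify on missing AV/firewall/updates, accept no override.
SC_EXPECTED = {
    "AntiVirusDisableNotify": "0",
    "FirewallDisableNotify": "0",
    "UpdatesDisableNotify": "0",
    "AntiVirusOverride": "0",
    "FirewallOverride": "0",
}

# Default [open] commands for executable file classes on XP.
SPAWN_EXPECTED = {
    ("exefile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

SAMPLE = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
"""

HIJACKED = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
exefile [open] -- "C:\hijack\launcher.exe" "%1" %*
"""


def parse_extras(text):
    """Return {'registry': {key: {value: data}}, 'spawn': {(class, verb): command}}."""
    registry, spawn, section, key = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m["name"], None
            continue
        if section == "Shell Spawning":
            m = SPAWN.match(line)  # the bracketed key line in this section does not match
            if m:
                spawn[(m["cls"], m["verb"])] = m["cmd"]
            continue
        m = KEY.match(line)
        if m:
            key = m["key"]
            registry.setdefault(key, {})
            continue
        m = VALUE.match(line)
        if m and key is not None:
            registry[key][m["name"]] = m["data"]
    return {"registry": registry, "spawn": spawn}


def check_security_center(registry):
    """Return (findings, vendors). Findings are values that differ from the defaults
    plus the global monitoring switch; vendors lists per-product subkeys that disable
    monitoring, which a vendor's own product normally writes for itself."""
    findings, vendors = [], []
    for name, expected in SC_EXPECTED.items():
        actual = registry.get(SC_ROOT, {}).get(name)
        if actual is not None and actual != expected:
            findings.append(f"{SC_ROOT}\\{name} = {actual} (expected {expected})")
    if registry.get(SC_ROOT + r"\Monitoring", {}).get("DisableMonitoring") == "1":
        findings.append(SC_ROOT + r"\Monitoring\DisableMonitoring = 1 (global monitoring off)")
    prefix = SC_ROOT + r"\Monitoring" + "\\"
    for key, values in registry.items():
        if key.startswith(prefix) and values.get("DisableMonitoring") == "1":
            vendors.append(key[len(prefix):])
    return findings, vendors


def check_shell_spawning(spawn):
    """Return executable-class handlers that differ from the XP defaults."""
    return [
        f"{cls} [{verb}] -- {spawn[(cls, verb)]} (expected {expected})"
        for (cls, verb), expected in SPAWN_EXPECTED.items()
        if (cls, verb) in spawn and spawn[(cls, verb)] != expected
    ]


if __name__ == "__main__":
    parsed = parse_extras(SAMPLE)
    findings, vendors = check_security_center(parsed["registry"])
    for f in findings + check_shell_spawning(parsed["spawn"]):
        print("FINDING:", f)
    print("vendor monitoring opt-outs:", ", ".join(vendors) or "none")
```

Three findings come back for this log (the two notification/override values and the global monitoring switch) and nothing for the shell handlers; feeding the HIJACKED fragment in instead produces a single exefile finding, which is the case that matters most because it means every .exe the user starts goes through the attacker's binary first.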

Re: Malware Defense Removal

Post by Belahzur on Sun Jan 31, 2010 7:58 pm

Hello.

  • Download combofix from here

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916 | Joined: 2008-08-03 | Gender: Male | OS: XP SP3 Media Centre | Points: 245049 | Likes: 1

Re: Malware Defense Removal

Post by DNoble on Sun Jan 31, 2010 9:13 pm

It won't let me run combofix, it says the "file is infected" and asks me to run my anti virus software.
I looked at how to disable my AV, but it seems none of them apply to me.
I turned off Windows firewall, and my Norton doesn't open.

DNoble
Novice
Posts: 45 | Joined: 2010-01-22 | OS: Windows XP | Points: 25731 | Likes: 0

Re: Malware Defense Removal

Post by Belahzur on Mon Feb 01, 2010 1:21 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\SYSTEM32\smss32.exe (UiRXgyfcN)
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\SYSTEM32\winlogon32.exe (UiRXgyfcN)
    O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\SYSTEM32\k8efzgigz.dll ()
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    [2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
    [2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\kkalf.exe
    [2010/01/31 12:54:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
    [2010/01/31 12:40:00 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010/01/31 12:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
    [2010/01/31 12:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
    [2010/01/31 11:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
    [2010/01/31 11:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
    [2010/01/31 11:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
    [2010/01/31 10:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
    [2010/01/31 10:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
    [2010/01/31 10:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
    [2010/01/31 09:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
    [2010/01/31 09:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
    [2010/01/31 09:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
    [2010/01/31 08:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
    [2010/01/31 08:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
    [2010/01/31 08:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
    [2010/01/31 07:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
    [2010/01/31 07:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
    [2010/01/31 07:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
    [2010/01/31 06:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
    [2010/01/31 06:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
    [2010/01/31 06:12:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
    [2010/01/31 05:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
    [2010/01/31 05:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
    [2010/01/31 05:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
    [2010/01/31 04:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2010/01/31 04:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2010/01/31 04:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2010/01/31 03:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010/01/31 03:34:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/01/31 03:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/01/31 03:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/01/31 02:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/01/31 02:31:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/01/31 02:11:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/01/31 01:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/01/31 01:31:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/01/31 01:11:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/01/31 00:51:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/01/31 00:31:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/01/31 00:10:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/01/31 00:02:52 | 000,110,953 | ---- | M] () -- C:\autoexec.exe
    [2010/01/30 23:50:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/30 23:49:31 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe
    [2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\IS15.exe
    [2010/01/30 23:30:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2010/01/30 23:30:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
    [2010/01/30 12:52:04 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk
    [2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    [2010/01/30 12:51:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iqajocimafeyute.bin
    [2010/01/29 19:15:13 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\O9I033SIX1.dat
    [2010/01/29 18:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19589.exe
    [2010/01/29 18:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15281.exe
    [2010/01/29 18:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14798.exe
    [2010/01/29 17:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19796.exe
    [2010/01/29 17:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20580.exe
    [2010/01/29 17:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6618.exe
    [2010/01/29 16:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13458.exe
    [2010/01/29 16:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25200.exe
    [2010/01/29 16:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7448.exe
    [2010/01/29 15:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9503.exe
    [2010/01/29 15:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29314.exe
    [2010/01/29 15:13:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1587.exe
    [2010/01/29 14:53:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30523.exe
    [2010/01/29 14:33:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14343.exe
    [2010/01/29 14:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3093.exe
    [2010/01/29 13:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20485.exe
    [2010/01/29 13:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3195.exe
    [2010/01/29 13:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32702.exe
    [2010/01/29 12:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14989.exe
    [2010/01/29 12:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32609.exe
    [2010/01/29 12:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5844.exe
    [2010/01/29 11:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11008.exe
    [2010/01/29 11:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6224.exe
    [2010/01/29 11:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30303.exe
    [2010/01/29 10:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22798.exe
    [2010/01/29 10:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31556.exe
    [2010/01/29 10:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16519.exe
    [2010/01/29 09:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5249.exe
    [2010/01/29 09:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20600.exe
    [2010/01/29 09:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17451.exe
    [2010/01/29 08:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18935.exe
    [2010/01/29 08:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7616.exe
    [2010/01/29 08:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14309.exe
    [2010/01/29 07:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9514.exe
    [2010/01/29 07:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22813.exe
    [2010/01/29 07:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6617.exe
    [2010/01/29 06:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14310.exe
    [2010/01/29 06:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2421.exe
    [2010/01/29 06:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17807.exe
    [2010/01/29 05:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22483.exe
    [2010/01/29 05:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24648.exe
    [2010/01/29 05:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14893.exe
    [2010/01/29 04:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3728.exe
    [2010/01/29 04:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\467.exe
    [2010/01/29 04:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18127.exe
    [2010/01/29 03:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3788.exe
    [2010/01/29 03:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6900.exe
    [2010/01/29 03:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27938.exe
    [2010/01/29 02:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26418.exe
    [2010/01/29 02:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1999.exe
    [2010/01/29 02:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\53.exe
    [2010/01/29 01:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4734.exe
    [2010/01/29 01:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8281.exe
    [2010/01/29 01:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24484.exe
    [2010/01/29 00:53:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19668.exe
    [2010/01/29 00:33:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23199.exe
    [2010/01/29 00:13:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27348.exe
    [2010/01/28 23:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24021.exe
    [2010/01/28 23:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4596.exe
    [2010/01/28 23:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11020.exe
    [2010/01/28 22:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9374.exe
    [2010/01/28 22:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30836.exe
    [2010/01/28 22:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10291.exe
    [2010/01/28 21:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24350.exe
    [2010/01/28 21:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3602.exe
    [2010/01/28 21:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4041.exe
    [2010/01/28 20:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27595.exe
    [2010/01/28 20:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6483.exe
    [2010/01/28 20:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21548.exe
    [2010/01/28 19:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20537.exe
    [2010/01/28 19:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27624.exe
    [2010/01/28 19:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6359.exe
    [2010/01/28 18:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17410.exe
    [2010/01/28 18:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1655.exe
    [2010/01/28 18:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18762.exe
    [2010/01/28 17:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32591.exe
    [2010/01/28 17:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\900.exe
    [2010/01/28 17:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29168.exe
    [2010/01/28 16:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16413.exe
    [2010/01/28 16:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13030.exe
    [2010/01/28 16:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27506.exe
    [2010/01/28 15:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24946.exe
    [2010/01/28 15:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6422.exe
    [2010/01/28 15:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18588.exe
    [2010/01/28 14:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24221.exe
    [2010/01/28 14:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9758.exe
    [2010/01/28 14:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32209.exe
    [2010/01/28 13:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8909.exe
    [2010/01/28 13:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14945.exe
    [2010/01/28 13:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10383.exe
    [2010/01/28 12:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27753.exe
    [2010/01/28 12:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12287.exe
    [2010/01/28 12:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15457.exe
    [2010/01/28 11:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11337.exe
    [2010/01/28 11:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18007.exe
    [2010/01/28 11:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30191.exe
    [2010/01/28 10:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31107.exe
    [2010/01/28 10:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3430.exe
    [2010/01/28 10:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13966.exe
    [2010/01/28 09:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21724.exe
    [2010/01/28 09:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16941.exe
    [2010/01/28 09:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1150.exe
    [2010/01/28 08:53:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27350.exe
    [2010/01/28 08:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12052.exe
    [2010/01/28 08:13:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4031.exe
    [2010/01/28 07:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15574.exe
    [2010/01/28 07:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23655.exe
    [2010/01/28 07:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24767.exe
    [2010/01/28 06:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22355.exe
    [2010/01/28 06:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18636.exe
    [2010/01/28 06:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9161.exe
    [2010/01/28 05:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13290.exe
    [2010/01/28 05:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23986.exe
    [2010/01/28 05:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16512.exe
    [2010/01/28 04:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5097.exe
    [2010/01/28 04:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15573.exe
    [2010/01/28 04:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26777.exe
    [2010/01/28 03:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5829.exe
    [2010/01/28 03:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6270.exe
    [2010/01/28 03:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19072.exe
    [2010/01/28 02:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26924.exe
    [2010/01/28 02:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28745.exe
    [2010/01/28 02:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5021.exe
    [2010/01/28 01:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22386.exe
    [2010/01/28 01:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31673.exe
    [2010/01/28 01:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2306.exe
    [2010/01/28 00:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13977.exe
    [2010/01/28 00:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9930.exe
    [2010/01/28 00:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22704.exe
    [2010/01/27 23:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29658.exe
    [2010/01/27 23:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4639.exe
    [2010/01/27 23:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31115.exe
    [2010/01/27 22:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4833.exe
    [2010/01/27 22:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16541.exe
    [2010/01/27 22:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
    [2010/01/27 21:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
    [2010/01/27 21:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
    [2010/01/27 21:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
    [2010/01/27 20:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
    [2010/01/27 20:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
    [2010/01/27 20:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
    [2010/01/27 19:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
    [2010/01/27 19:33:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
    [2010/01/27 19:13:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
    [2010/01/27 18:53:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
    [2010/01/27 18:33:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
    [2010/01/27 18:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
    [2010/01/27 17:53:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
    [2010/01/27 17:33:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
    [2010/01/27 17:13:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19954.exe
    [2010/01/27 16:53:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
    [2010/01/27 16:33:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
    [2010/01/27 16:13:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
    [2010/01/27 15:53:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
    [2010/01/27 15:33:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
    [2010/01/27 15:13:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
    [2010/01/27 14:53:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
    [2010/01/27 14:33:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
    [2010/01/27 14:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
    [2010/01/27 13:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
    [2010/01/27 13:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
    [2010/01/27 13:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
    [2010/01/27 12:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
    [2010/01/27 12:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
    [2010/01/27 12:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
    [2010/01/27 11:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
    [2010/01/27 11:33:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
    [2010/01/27 11:13:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
    [2010/01/27 10:53:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
    [2010/01/27 10:33:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
    [2010/01/27 10:12:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
    [2010/01/27 09:52:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
    [2010/01/27 09:32:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
    [2010/01/27 09:12:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
    [2010/01/27 08:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
    [2010/01/27 08:31:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
    [2010/01/27 08:11:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
    [2010/01/27 07:50:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
    [2010/01/27 07:30:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
    [2010/01/27 07:10:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
    [2010/01/27 06:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
    [2010/01/27 06:29:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
    [2010/01/27 06:09:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
    [2010/01/27 05:49:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
    [2010/01/27 05:28:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
    [2010/01/27 05:08:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
    [2010/01/27 04:48:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
    [2010/01/27 04:27:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
    [2010/01/27 04:07:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
    [2010/01/27 03:47:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
    [2010/01/27 03:27:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
    [2010/01/27 03:06:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
    [2010/01/22 20:06:45 | 000,118,256 | ---- | M] () -- C:\WINDOWS\System32\7Pb5AGmfE-.exe
    [2010/01/22 20:06:11 | 000,180,224 | ---- | M] () -- C:\WINDOWS\msa.exe
    [2010/01/22 20:06:07 | 000,000,001 | ---- | M] () -- C:\s
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe
    [2010/01/22 20:06:02 | 000,022,528 | ---- | M] (UiRXgyfcN) -- C:\kkalf.exe
    [2010/01/22 20:06:02 | 000,015,000 | ---- | M] () -- C:\WINDOWS\System32\k8efzgigz.dll
    [2010/01/22 20:05:39 | 000,057,356 | ---- | M] () -- C:\WINDOWS\System32\net.net
    [2010/01/22 19:49:17 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit"="C:\WINDOWS\system32\userinit.exe,"


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916 | Joined: 2008-08-03 | Gender: Male | OS: XP SP3 Media Centre | Points: 245049 | Likes: 1
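The OTL fix above was assembled by eye from the listing: a UserInit hijack pointing at winlogon32.exe, a Run entry for smss32.exe, three identical 22,528-byte files under different names, and dozens of zero-byte numbered executables in System32. As an added example that is not part of this thread or of OTL, the Python below parses OTL-style file lines (sample lines constructed from the thread's own listing) and applies those same triage heuristics automatically, then checks a Winlogon UserInit value against the clean value the fix writes back; CORE_NAMES, the heuristics and the "3 names" threshold are my assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Shape of a file line in an OTL listing, e.g.
# [2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Core Windows process names that malware borrows with a suffix (assumed list).
CORE_NAMES = {"smss", "winlogon", "csrss", "services", "lsass", "svchost", "explorer"}

# The only program the Winlogon UserInit value should name on a default XP install;
# the fix script in the thread writes exactly this path back.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: a handful of lines taken from the thread's fix script.
SAMPLE_LISTING = [
    r"[2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\winlogon32.exe",
    r"[2010/01/22 20:06:06 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\WINDOWS\System32\smss32.exe",
    r"[2010/01/22 20:06:02 | 000,022,528 | ---- | C] (UiRXgyfcN) -- C:\kkalf.exe",
    r"[2010/01/31 12:52:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe",
    r"[2010/01/31 12:32:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe",
    r"[2010/01/30 23:30:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll",
    r"[2010/01/31 03:34:03 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job",
    ":OTL",  # directive line, not a file entry; the parser skips it
]


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str
    kind: str      # C = created, M = modified
    company: str   # company string from the version resource, "" when absent
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; any other line shape yields None."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"], company=m["company"], path=m["path"],
    )


def flag_entry(e: OtlEntry) -> List[str]:
    """Heuristics that need only the single line (thresholds are assumptions)."""
    reasons: List[str] = []
    name = e.path.rsplit("\\", 1)[-1].lower()
    stem, _, ext = name.rpartition(".")
    in_system32 = "\\system32\\" in e.path.lower()
    if in_system32 and ext in ("exe", "dll") and e.size == 0:
        reasons.append("zero-byte executable image in System32")
    if in_system32 and ext == "exe" and stem.isdigit():
        reasons.append("numerically named executable in System32")
    base = stem.rstrip("0123456789")
    if base in CORE_NAMES and base != stem and ext in ("exe", "dll"):
        reasons.append(f"name mimics core binary '{base}.exe'")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious path to its reasons, combining per-line and cross-line checks."""
    entries = [e for e in map(parse_otl_line, lines) if e is not None]
    findings: Dict[str, List[str]] = {}

    def add(path: str, reason: str) -> None:
        bucket = findings.setdefault(path, [])
        if reason not in bucket:  # the C and M lines for one file give the same reason
            bucket.append(reason)

    for e in entries:
        for reason in flag_entry(e):
            add(e.path, reason)
    # Cross-line check: one image (same size, same odd company string) dropped
    # under several names, as with the three 22,528-byte UiRXgyfcN files above.
    groups: Dict[Tuple[int, str], Set[str]] = {}
    for e in entries:
        if e.company and e.size:
            groups.setdefault((e.size, e.company), set()).add(e.path)
    for (size, company), paths in groups.items():
        if len(paths) >= 3:
            for p in sorted(paths):
                add(p, f"same {size}-byte image ({company}) under {len(paths)} names")
    return findings


def userinit_is_clean(value: str) -> bool:
    """True only when UserInit names userinit.exe and nothing else (hijacks replace or append)."""
    parts = [p.strip().lower() for p in value.split(",") if p.strip()]
    return parts == [EXPECTED_USERINIT]


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LISTING).items():
        print(f"{path}: {'; '.join(reasons)}")
    print("UserInit clean:", userinit_is_clean(r"C:\WINDOWS\system32\winlogon32.exe"))
```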

Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 8:40 am

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
C:\WINDOWS\SYSTEM32\smss32.exe moved successfully.
Starting removal of ActiveX control {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error.\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\winlogon32.exe deleted successfully.
C:\WINDOWS\SYSTEM32\winlogon32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C4BF49A2-94F1-42BD-F034-3604811C807D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
C:\WINDOWS\SYSTEM32\k8efzgigz.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7db3f4a-fefd-11db-bd20-000f1f4bbea8}\ not found.
File F:\LaunchU3.exe not found.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
C:\kkalf.exe moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\SYSTEM32\28703.exe moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\WINDOWS\SYSTEM32\9894.exe moved successfully.
C:\WINDOWS\SYSTEM32\17035.exe moved successfully.
C:\WINDOWS\SYSTEM32\26299.exe moved successfully.
C:\WINDOWS\SYSTEM32\25667.exe moved successfully.
C:\WINDOWS\SYSTEM32\19912.exe moved successfully.
C:\WINDOWS\SYSTEM32\1869.exe moved successfully.
C:\WINDOWS\SYSTEM32\11538.exe moved successfully.
C:\WINDOWS\SYSTEM32\14771.exe moved successfully.
C:\WINDOWS\SYSTEM32\21726.exe moved successfully.
C:\WINDOWS\SYSTEM32\5447.exe moved successfully.
C:\WINDOWS\SYSTEM32\19895.exe moved successfully.
C:\WINDOWS\SYSTEM32\19718.exe moved successfully.
C:\WINDOWS\SYSTEM32\18716.exe moved successfully.
C:\WINDOWS\SYSTEM32\17421.exe moved successfully.
C:\WINDOWS\SYSTEM32\12382.exe moved successfully.
C:\WINDOWS\SYSTEM32\292.exe moved successfully.
C:\WINDOWS\SYSTEM32\153.exe moved successfully.
C:\WINDOWS\SYSTEM32\3902.exe moved successfully.
C:\WINDOWS\SYSTEM32\14604.exe moved successfully.
C:\WINDOWS\SYSTEM32\32391.exe moved successfully.
C:\WINDOWS\SYSTEM32\5436.exe moved successfully.
C:\WINDOWS\SYSTEM32\4827.exe moved successfully.
C:\WINDOWS\SYSTEM32\11942.exe moved successfully.
C:\WINDOWS\SYSTEM32\2995.exe moved successfully.
C:\WINDOWS\SYSTEM32\491.exe moved successfully.
C:\WINDOWS\SYSTEM32\9961.exe moved successfully.
C:\WINDOWS\SYSTEM32\16827.exe moved successfully.
C:\WINDOWS\tasks\RegCure.job moved successfully.
C:\WINDOWS\SYSTEM32\23281.exe moved successfully.
C:\WINDOWS\SYSTEM32\28145.exe moved successfully.
C:\WINDOWS\SYSTEM32\5705.exe moved successfully.
C:\WINDOWS\SYSTEM32\24464.exe moved successfully.
C:\WINDOWS\SYSTEM32\26962.exe moved successfully.
C:\WINDOWS\SYSTEM32\29358.exe moved successfully.
C:\WINDOWS\SYSTEM32\11478.exe moved successfully.
C:\WINDOWS\SYSTEM32\15724.exe moved successfully.
C:\WINDOWS\SYSTEM32\19169.exe moved successfully.
C:\WINDOWS\SYSTEM32\26500.exe moved successfully.
C:\WINDOWS\SYSTEM32\6334.exe moved successfully.
C:\autoexec.exe moved successfully.
C:\WINDOWS\SYSTEM32\18467.exe moved successfully.
C:\Documents and Settings\Wayne Noble\Desktop\4kmft5rn.exe moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\IS15.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\41.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\helper32.dll scheduled to be moved on reboot.
C:\Documents and Settings\Wayne Noble\Desktop\AntiVirus Plus.lnk moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk moved successfully.
C:\WINDOWS\Iqajocimafeyute.bin moved successfully.
C:\WINDOWS\SYSTEM32\O9I033SIX1.dat moved successfully.
C:\WINDOWS\SYSTEM32\19589.exe moved successfully.
C:\WINDOWS\SYSTEM32\15281.exe moved successfully.
C:\WINDOWS\SYSTEM32\14798.exe moved successfully.
C:\WINDOWS\SYSTEM32\19796.exe moved successfully.
C:\WINDOWS\SYSTEM32\20580.exe moved successfully.
C:\WINDOWS\SYSTEM32\6618.exe moved successfully.
C:\WINDOWS\SYSTEM32\13458.exe moved successfully.
C:\WINDOWS\SYSTEM32\25200.exe moved successfully.
C:\WINDOWS\SYSTEM32\7448.exe moved successfully.
C:\WINDOWS\SYSTEM32\9503.exe moved successfully.
C:\WINDOWS\SYSTEM32\29314.exe moved successfully.
C:\WINDOWS\SYSTEM32\1587.exe moved successfully.
C:\WINDOWS\SYSTEM32\30523.exe moved successfully.
C:\WINDOWS\SYSTEM32\14343.exe moved successfully.
C:\WINDOWS\SYSTEM32\3093.exe moved successfully.
C:\WINDOWS\SYSTEM32\20485.exe moved successfully.
C:\WINDOWS\SYSTEM32\3195.exe moved successfully.
C:\WINDOWS\SYSTEM32\32702.exe moved successfully.
C:\WINDOWS\SYSTEM32\14989.exe moved successfully.
C:\WINDOWS\SYSTEM32\32609.exe moved successfully.
C:\WINDOWS\SYSTEM32\5844.exe moved successfully.
C:\WINDOWS\SYSTEM32\11008.exe moved successfully.
C:\WINDOWS\SYSTEM32\6224.exe moved successfully.
C:\WINDOWS\SYSTEM32\30303.exe moved successfully.
C:\WINDOWS\SYSTEM32\22798.exe moved successfully.
C:\WINDOWS\SYSTEM32\31556.exe moved successfully.
C:\WINDOWS\SYSTEM32\16519.exe moved successfully.
C:\WINDOWS\SYSTEM32\5249.exe moved successfully.
C:\WINDOWS\SYSTEM32\20600.exe moved successfully.
C:\WINDOWS\SYSTEM32\17451.exe moved successfully.
C:\WINDOWS\SYSTEM32\18935.exe moved successfully.
C:\WINDOWS\SYSTEM32\7616.exe moved successfully.
C:\WINDOWS\SYSTEM32\14309.exe moved successfully.
C:\WINDOWS\SYSTEM32\9514.exe moved successfully.
C:\WINDOWS\SYSTEM32\22813.exe moved successfully.
C:\WINDOWS\SYSTEM32\6617.exe moved successfully.
C:\WINDOWS\SYSTEM32\14310.exe moved successfully.
C:\WINDOWS\SYSTEM32\2421.exe moved successfully.
C:\WINDOWS\SYSTEM32\17807.exe moved successfully.
C:\WINDOWS\SYSTEM32\22483.exe moved successfully.
C:\WINDOWS\SYSTEM32\24648.exe moved successfully.
C:\WINDOWS\SYSTEM32\14893.exe moved successfully.
C:\WINDOWS\SYSTEM32\3728.exe moved successfully.
C:\WINDOWS\SYSTEM32\467.exe moved successfully.
C:\WINDOWS\SYSTEM32\18127.exe moved successfully.
C:\WINDOWS\SYSTEM32\3788.exe moved successfully.
C:\WINDOWS\SYSTEM32\6900.exe moved successfully.
C:\WINDOWS\SYSTEM32\27938.exe moved successfully.
C:\WINDOWS\SYSTEM32\26418.exe moved successfully.
C:\WINDOWS\SYSTEM32\1999.exe moved successfully.
C:\WINDOWS\SYSTEM32\53.exe moved successfully.
C:\WINDOWS\SYSTEM32\4734.exe moved successfully.
C:\WINDOWS\SYSTEM32\8281.exe moved successfully.
C:\WINDOWS\SYSTEM32\24484.exe moved successfully.
C:\WINDOWS\SYSTEM32\19668.exe moved successfully.
C:\WINDOWS\SYSTEM32\23199.exe moved successfully.
C:\WINDOWS\SYSTEM32\27348.exe moved successfully.
C:\WINDOWS\SYSTEM32\24021.exe moved successfully.
C:\WINDOWS\SYSTEM32\4596.exe moved successfully.
C:\WINDOWS\SYSTEM32\11020.exe moved successfully.
C:\WINDOWS\SYSTEM32\9374.exe moved successfully.
C:\WINDOWS\SYSTEM32\30836.exe moved successfully.
C:\WINDOWS\SYSTEM32\10291.exe moved successfully.
C:\WINDOWS\SYSTEM32\24350.exe moved successfully.
C:\WINDOWS\SYSTEM32\3602.exe moved successfully.
C:\WINDOWS\SYSTEM32\4041.exe moved successfully.
C:\WINDOWS\SYSTEM32\27595.exe moved successfully.
C:\WINDOWS\SYSTEM32\6483.exe moved successfully.
C:\WINDOWS\SYSTEM32\21548.exe moved successfully.
C:\WINDOWS\SYSTEM32\20537.exe moved successfully.
C:\WINDOWS\SYSTEM32\27624.exe moved successfully.
C:\WINDOWS\SYSTEM32\6359.exe moved successfully.
C:\WINDOWS\SYSTEM32\17410.exe moved successfully.
C:\WINDOWS\SYSTEM32\1655.exe moved successfully.
C:\WINDOWS\SYSTEM32\18762.exe moved successfully.
C:\WINDOWS\SYSTEM32\32591.exe moved successfully.
C:\WINDOWS\SYSTEM32\900.exe moved successfully.
C:\WINDOWS\SYSTEM32\29168.exe moved successfully.
C:\WINDOWS\SYSTEM32\16413.exe moved successfully.
C:\WINDOWS\SYSTEM32\13030.exe moved successfully.
C:\WINDOWS\SYSTEM32\27506.exe moved successfully.
C:\WINDOWS\SYSTEM32\24946.exe moved successfully.
C:\WINDOWS\SYSTEM32\6422.exe moved successfully.
C:\WINDOWS\SYSTEM32\18588.exe moved successfully.
C:\WINDOWS\SYSTEM32\24221.exe moved successfully.
C:\WINDOWS\SYSTEM32\9758.exe moved successfully.
C:\WINDOWS\SYSTEM32\32209.exe moved successfully.
C:\WINDOWS\SYSTEM32\8909.exe moved successfully.
C:\WINDOWS\SYSTEM32\14945.exe moved successfully.
C:\WINDOWS\SYSTEM32\10383.exe moved successfully.
C:\WINDOWS\SYSTEM32\27753.exe moved successfully.
C:\WINDOWS\SYSTEM32\12287.exe moved successfully.
C:\WINDOWS\SYSTEM32\15457.exe moved successfully.
C:\WINDOWS\SYSTEM32\11337.exe moved successfully.
C:\WINDOWS\SYSTEM32\18007.exe moved successfully.
C:\WINDOWS\SYSTEM32\30191.exe moved successfully.
C:\WINDOWS\SYSTEM32\31107.exe moved successfully.
C:\WINDOWS\SYSTEM32\3430.exe moved successfully.
C:\WINDOWS\SYSTEM32\13966.exe moved successfully.
C:\WINDOWS\SYSTEM32\21724.exe moved successfully.
C:\WINDOWS\SYSTEM32\16941.exe moved successfully.
C:\WINDOWS\SYSTEM32\1150.exe moved successfully.
C:\WINDOWS\SYSTEM32\27350.exe moved successfully.
C:\WINDOWS\SYSTEM32\12052.exe moved successfully.
C:\WINDOWS\SYSTEM32\4031.exe moved successfully.
C:\WINDOWS\SYSTEM32\15574.exe moved successfully.
C:\WINDOWS\SYSTEM32\23655.exe moved successfully.
C:\WINDOWS\SYSTEM32\24767.exe moved successfully.
C:\WINDOWS\SYSTEM32\22355.exe moved successfully.
C:\WINDOWS\SYSTEM32\18636.exe moved successfully.
C:\WINDOWS\SYSTEM32\9161.exe moved successfully.
C:\WINDOWS\SYSTEM32\13290.exe moved successfully.
C:\WINDOWS\SYSTEM32\23986.exe moved successfully.
C:\WINDOWS\SYSTEM32\16512.exe moved successfully.
C:\WINDOWS\SYSTEM32\5097.exe moved successfully.
C:\WINDOWS\SYSTEM32\15573.exe moved successfully.
C:\WINDOWS\SYSTEM32\26777.exe moved successfully.
C:\WINDOWS\SYSTEM32\5829.exe moved successfully.
C:\WINDOWS\SYSTEM32\6270.exe moved successfully.
C:\WINDOWS\SYSTEM32\19072.exe moved successfully.
C:\WINDOWS\SYSTEM32\26924.exe moved successfully.
C:\WINDOWS\SYSTEM32\28745.exe moved successfully.
C:\WINDOWS\SYSTEM32\5021.exe moved successfully.
C:\WINDOWS\SYSTEM32\22386.exe moved successfully.
C:\WINDOWS\SYSTEM32\31673.exe moved successfully.
C:\WINDOWS\SYSTEM32\2306.exe moved successfully.
C:\WINDOWS\SYSTEM32\13977.exe moved successfully.
C:\WINDOWS\SYSTEM32\9930.exe moved successfully.
C:\WINDOWS\SYSTEM32\22704.exe moved successfully.
C:\WINDOWS\SYSTEM32\29658.exe moved successfully.
C:\WINDOWS\SYSTEM32\4639.exe moved successfully.
C:\WINDOWS\SYSTEM32\31115.exe moved successfully.
C:\WINDOWS\SYSTEM32\4833.exe moved successfully.
C:\WINDOWS\SYSTEM32\16541.exe moved successfully.
C:\WINDOWS\SYSTEM32\22929.exe moved successfully.
C:\WINDOWS\SYSTEM32\2082.exe moved successfully.
C:\WINDOWS\SYSTEM32\16118.exe moved successfully.
C:\WINDOWS\SYSTEM32\21538.exe moved successfully.
C:\WINDOWS\SYSTEM32\5537.exe moved successfully.
C:\WINDOWS\SYSTEM32\11323.exe moved successfully.
C:\WINDOWS\SYSTEM32\24626.exe moved successfully.
C:\WINDOWS\SYSTEM32\32439.exe moved successfully.
C:\WINDOWS\SYSTEM32\16944.exe moved successfully.
C:\WINDOWS\SYSTEM32\26308.exe moved successfully.
C:\WINDOWS\SYSTEM32\13931.exe moved successfully.
C:\WINDOWS\SYSTEM32\7376.exe moved successfully.
C:\WINDOWS\SYSTEM32\4966.exe moved successfully.
C:\WINDOWS\SYSTEM32\11840.exe moved successfully.
C:\WINDOWS\SYSTEM32\18756.exe moved successfully.
C:\WINDOWS\SYSTEM32\19954.exe moved successfully.
C:\WINDOWS\SYSTEM32\24084.exe moved successfully.
C:\WINDOWS\SYSTEM32\12623.exe moved successfully.
C:\WINDOWS\SYSTEM32\19629.exe moved successfully.
C:\WINDOWS\SYSTEM32\3548.exe moved successfully.
C:\WINDOWS\SYSTEM32\24393.exe moved successfully.
C:\WINDOWS\SYSTEM32\31101.exe moved successfully.
C:\WINDOWS\SYSTEM32\15006.exe moved successfully.
C:\WINDOWS\SYSTEM32\15350.exe moved successfully.
C:\WINDOWS\SYSTEM32\24370.exe moved successfully.
C:\WINDOWS\SYSTEM32\6729.exe moved successfully.
C:\WINDOWS\SYSTEM32\15890.exe moved successfully.
C:\WINDOWS\SYSTEM32\23805.exe moved successfully.
C:\WINDOWS\SYSTEM32\27446.exe moved successfully.
C:\WINDOWS\SYSTEM32\22648.exe moved successfully.
C:\WINDOWS\SYSTEM32\19264.exe moved successfully.
C:\WINDOWS\SYSTEM32\8942.exe moved successfully.
C:\WINDOWS\SYSTEM32\9040.exe moved successfully.
C:\WINDOWS\SYSTEM32\30106.exe moved successfully.
C:\WINDOWS\SYSTEM32\288.exe moved successfully.
C:\WINDOWS\SYSTEM32\1842.exe moved successfully.
C:\WINDOWS\SYSTEM32\22190.exe moved successfully.
C:\WINDOWS\SYSTEM32\3035.exe moved successfully.
C:\WINDOWS\SYSTEM32\12316.exe moved successfully.
C:\WINDOWS\SYSTEM32\778.exe moved successfully.
C:\WINDOWS\SYSTEM32\27529.exe moved successfully.
C:\WINDOWS\SYSTEM32\9741.exe moved successfully.
C:\WINDOWS\SYSTEM32\8723.exe moved successfully.
C:\WINDOWS\SYSTEM32\12859.exe moved successfully.
C:\WINDOWS\SYSTEM32\20037.exe moved successfully.
C:\WINDOWS\SYSTEM32\32757.exe moved successfully.
C:\WINDOWS\SYSTEM32\32662.exe moved successfully.
C:\WINDOWS\SYSTEM32\27644.exe moved successfully.
C:\WINDOWS\SYSTEM32\25547.exe moved successfully.
C:\WINDOWS\SYSTEM32\6868.exe moved successfully.
C:\WINDOWS\SYSTEM32\28253.exe moved successfully.
C:\WINDOWS\SYSTEM32\7711.exe moved successfully.
C:\WINDOWS\SYSTEM32\15141.exe moved successfully.
C:\WINDOWS\SYSTEM32\4664.exe moved successfully.
C:\WINDOWS\SYSTEM32\17673.exe moved successfully.
C:\WINDOWS\SYSTEM32\30333.exe moved successfully.
C:\WINDOWS\SYSTEM32\31322.exe moved successfully.
C:\WINDOWS\SYSTEM32\23811.exe moved successfully.
C:\WINDOWS\SYSTEM32\7Pb5AGmfE-.exe moved successfully.
C:\WINDOWS\msa.exe moved successfully.
C:\s moved successfully.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
File C:\kkalf.exe not found.
File C:\WINDOWS\System32\k8efzgigz.dll not found.
C:\WINDOWS\SYSTEM32\net.net moved successfully.
C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully!

OTL by OldTimer - Version 3.1.27.1 log created on 02012010_033243

Files\Folders moved on Reboot...
C:\WINDOWS\SYSTEM32\IS15.exe moved successfully.
C:\WINDOWS\SYSTEM32\41.exe moved successfully.
C:\WINDOWS\SYSTEM32\helper32.dll moved successfully.

Registry entries deleted on Reboot...

DNoble
Novice

Posts : 45
Joined : 2010-01-22
OS : Windows XP
Points : 25731
Likes : 0

Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 8:56 am

I just tried ComboFix and it worked; here's the log...
"Wayne Noble" - 2010-02-01 3:45:00 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Wayne Noble\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\drivers\fad.sys"


((((((((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))))))))


2010-02-01 03:34 0 --a------ C:\WINDOWS\Iqajocimafeyute.bin
2010-02-01 03:32 d-------- C:\_OTL
2010-01-30 22:06 d--hs---- C:\Documents and Settings\WAYNEN~1\PrivacIE
2010-01-30 22:06 d--hs---- C:\DOCUME~1\WAYNEN~1\PrivacIE
2010-01-30 22:04 d--hs---- C:\Documents and Settings\WAYNEN~1\IETldCache
2010-01-30 22:04 d--hs---- C:\DOCUME~1\WAYNEN~1\IETldCache
2010-01-30 21:58 d-------- C:\WINDOWS\ie8updates
2010-01-30 21:54 d--h-c--- C:\WINDOWS\ie8
2010-01-25 12:34 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2010-01-24 01:58 444 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2010-01-22 20:34 9 --a------ C:\confin.sys
2010-01-22 20:34 d--hs---- C:\DOCUME~1\WAYNEN~1\APPLIC~1\SystemProc
2010-01-22 20:09 120 --a------ C:\WINDOWS\Trorodizi.dat
2010-01-22 20:06 648 --a------ C:\WINDOWS\SYSTEM32\uses32.dat
2010-01-22 20:06 d--hs---- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\SystemProc
2010-01-22 20:05 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\AntiVirus Plus
2010-01-22 19:54 d-------- C:\Malwarebytes' Anti-Malware
2010-01-22 19:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-22 01:06 d-------- C:\Program Files\Trend Micro
2010-01-22 00:07 d----c--- C:\Program Files\ParetoLogic
2010-01-22 00:07 d-------- C:\Program Files\Common Files\ParetoLogic
2010-01-22 00:07 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Virus PLUS
2010-01-22 00:07 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic
2010-01-21 23:24 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.DBQ\NTUSER.DAT
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Symantec
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Sonic
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Jasc Software Inc
2010-01-21 23:24 d-------- C:\DOCUME~1\ADMINI~1.DBQ\APPLIC~1\Apple Computer
2010-01-21 23:20 233,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
2010-01-21 23:01 87,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PCTAppEvent.sys
2010-01-21 23:01 207,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PCTCore.sys
2010-01-21 23:00 70,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
2010-01-21 23:00 d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2010-01-21 23:00 d-------- C:\Program Files\Spyware Doctor
2010-01-21 23:00 d-------- C:\Program Files\Common Files\PC Tools
2010-01-21 23:00 d-------- C:\DOCUME~1\WAYNEN~1\APPLIC~1\PC Tools
2010-01-21 23:00 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2010-01-21 22:34 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2010-01-21 22:34 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2010-01-21 22:08 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2010-01-21 21:50 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RegCure


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2010-02-01 08:41:32 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\Skype
2010-02-01 08:38:08 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\skypePM
2010-01-22 17:28:53 -------- d-----w C:\DOCUME~1\WAYNEN~1\APPLIC~1\uTorrent
2010-01-22 02:50:01 -------- d-----w C:\Program Files\RegCure
2010-01-21 21:09:12 -------- d-----w C:\Program Files\Microsoft Silverlight
2010-01-21 17:46:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2010-01-19 06:08:16 -------- d-----w C:\Program Files\Hotspot Shield
2010-01-17 10:27:16 -------- d-----w C:\Program Files\Google
2009-12-26 05:07:24 1,183,744 ----a-w C:\WINDOWS\system32\Dr--iXA0_rR.dll
2009-12-15 21:11:23 -------- d-----w C:\Program Files\Microsoft LifeCam
2009-12-15 21:03:31 0 ----a-w C:\WINDOWS\system32\cd.dat
2009-11-22 22:01:05 56 ---ha-w C:\WINDOWS\system32\ezsidmv.dat
2005-01-08 23:08:16 56 --sh--r C:\WINDOWS\SYSTEM32\7651CD09DA.sys
2005-01-08 23:08:16 10,022 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 16:49]
{C4BF49A2-94F1-42BD-F034-3604811C807D}=C:\WINDOWS\system32\k8efzgigz.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 16:21]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 19:47]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 10:38]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 14:52]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 01:49]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 15:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 23:08]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-11-12 16:33]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 18:54]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2009-11-18 12:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 10:44]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 13:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=1 (0x1)
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"RTHDBPL"=C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C4BF49A2-94F1-42BD-F034-3604811C807D}"="C:\WINDOWS\system32\k8efzgigz.dll" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli kbet70A.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2010-01-30 21:11:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2010-01-26 01:05:17 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Wayne Noble.job
2010-01-31 17:41:03 C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
2010-01-30 23:30:32 C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
2010-01-31 05:33:06 C:\WINDOWS\tasks\ParetoLogic Update Version2.job
2010-01-30 23:30:33 C:\WINDOWS\tasks\RegCure Program Check.job
2010-02-01 08:35:08 C:\WINDOWS\tasks\RegCure Startup.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-01 03:51:23
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenKey, ZwQueryValueKey, ZwQueryDirectoryFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\Program Files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x????????????????????????????????????????D?w????????????7??w????x???x??????????????
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe?????????????????????????????????????????????????????

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\H8SRTd.sys]
"imagepath"="\systemroot\system32\drivers\H8SRTehtpcvnoiy.sys"

Completion time: 2010-02-01 3:53:38
C:\ComboFix-quarantined-files.txt ... 2010-02-01 03:53

--- E O F ---


Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 8:57 am

And here are the quarantined files...
Code:

2003-01-30 12:52      12073    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\FAD.sys.vir


Folder PATH listing
Volume serial number is 3420-6CD0
C:\QOOBOX
\---Quarantine
    +---C
    |  \---WINDOWS
    |      \---SYSTEM32
    |          \---DRIVERS
    |                  FAD.sys.vir
    |                 
    \---Registry_backups


Re: Malware Defense Removal

Post by Belahzur on Mon Feb 01, 2010 7:33 pm

Hello.
Please delete that version of ComboFix you have; it's extremely old. Download a new version and run it, please.


Please PM me if I fail to respond within 24 hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
Likes : 1

Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 7:43 pm

The problem is, when I click on your links for ComboFix, I get redirected to ask.com or Iamwired. It won't let me get to those links.


Re: Malware Defense Removal

Post by Belahzur on Mon Feb 01, 2010 8:28 pm

Please run OTL again and post the new OTL.txt log ONLY!!


Please PM me if I fail to respond within 24 hrs.



Re: Malware Defense Removal

Post by DNoble on Mon Feb 01, 2010 10:48 pm

OTL logfile created on: 01/02/2010 5:44:41 PM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Wayne Noble\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 454.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 11.62 Gb Free Space | 7.80% Space Free | Partition Type: NTFS
Drive D: | 467.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DBQMM051
Current User Name: Wayne Noble
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
PRC - [2010/01/22 20:34:39 | 000,147,456 | -HS- | M] (HellFire) -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe
PRC - [2010/01/08 19:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/12/11 14:00:44 | 013,006,104 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/11/18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/08/06 10:44:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/19 19:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
PRC - [2005/11/14 08:05:05 | 000,083,456 | R--- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe
PRC - [2004/12/17 08:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2003/10/07 16:21:10 | 000,294,912 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/09/03 20:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2003/08/26 19:47:34 | 000,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2002/06/03 10:38:12 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
MOD - [2007/03/08 10:36:28 | 000,037,376 | ---- | M] () -- C:\WINDOWS\kbet70A.dll
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/06/03 10:37:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Savradm)
SRV - File not found [On_Demand | Stopped] -- -- (Helodrmkipbd)
SRV - [2010/01/17 05:27:20 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/01/08 19:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 19:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 18:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/18 14:40:36 | 000,587,216 | ---- | M] (ParetoLogic Inc.) [Auto | Running] -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe -- (ZeppelinService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/03/16 14:06:03 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 19:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 03:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/06/29 18:54:23 | 000,187,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamSvc.exe -- (MSCamSvc)
SRV - [2005/01/03 19:22:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/05/01 17:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [2000/05/24 14:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - [2009/11/12 16:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\taphss.sys -- (taphss)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vx3000.sys -- (VX3000)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eraserutilrebootdrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symim.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/19 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\navex15.sys -- (NAVEX15)
DRV - [2009/02/19 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\naveng.sys -- (NAVENG)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\symidsco.sys -- (SYMIDSCO)
DRV - [2009/01/09 13:01:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symevent.sys -- (SymEvent)
DRV - [2008/09/15 19:14:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\coh_mon.sys -- (COH_Mon)
DRV - [2008/01/31 20:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 20:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 20:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2007/08/08 19:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\co_mon.sys -- (CO_Mon)
DRV - [2007/03/08 16:18:00 | 000,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys -- (grmnusb)
DRV - [2006/08/31 12:03:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2005/10/19 07:59:12 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 02:09:58 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mstape.sys -- (MSTAPE)
DRV - [2004/08/04 02:09:58 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avcstrm.sys -- (AVCSTRM)
DRV - [2004/08/04 02:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 01:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2004/08/04 01:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2004/08/04 01:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2004/08/04 01:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelc53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/01/05 09:23:16 | 000,006,016 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fixustor.sys -- (fixustor)
DRV - [2003/11/18 11:38:32 | 000,591,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/09/26 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/09/26 00:04:00 | 000,098,164 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/09/26 00:04:00 | 000,083,572 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/09/26 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/09/26 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/09/26 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/09/26 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/09/26 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/09/26 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/09/19 02:21:00 | 000,084,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/08/11 09:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 12:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 10:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003/04/15 10:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2002/01/24 10:23:40 | 000,013,545 | ---- | M] (SCM Microsystems Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Stltrk2k.sys -- (Stltrk2k)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\modemcsa.sys -- (MODEMCSA)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvu1.sys -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {4a4f15aa-8569-f02e-7cb6-b10fe045b81c}:4.6.6.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {47D99070-1169-4A6B-AA14-DB1810417EF5}:1.9.1
FF - prefs.js..extensions.enabledItems: {3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}:1.9.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{47D99070-1169-4A6B-AA14-DB1810417EF5}: C:\Documents and Settings\Administrator.DBQMM051\Local Settings\Application Data\{47D99070-1169-4A6B-AA14-DB1810417EF5} [2010/01/22 20:09:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} [2010/01/22 20:32:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 03:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/17 04:19:11 | 000,000,000 | ---D | M]

[2008/12/10 10:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Extensions
[2010/01/22 21:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\extensions
[2009/07/01 14:20:48 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\searchplugins\conduit.xml
[2010/02/01 03:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/22 20:06:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{4a4f15aa-8569-f02e-7cb6-b10fe045b81c}
[2010/01/22 20:06:09 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2009/12/05 19:27:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/05 19:27:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/05 19:27:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/05 19:27:10 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\system32\k8efzgigz.dll) - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\System32\k8efzgigz.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\INetHTTPFilter.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} [You must be registered and logged in to see this link.] (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} [You must be registered and logged in to see this link.] (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (InstallShield International Setup Player)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} [You must be registered and logged in to see this link.] (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [You must be registered and logged in to see this link.] (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\System32\k8efzgigz.dll File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/08 02:36:34 | 000,000,042 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/01 14:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Application Data\InstallShield
[2010/02/01 03:53:39 | 000,428,032 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/01 03:53:39 | 000,370,688 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swsc.exe
[2010/02/01 03:53:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/02/01 03:53:39 | 000,049,152 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2010/02/01 03:50:30 | 000,000,000 | ---D | C] -- C:\QooBox
[2010/02/01 03:32:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/01/31 00:24:11 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 22:06:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\PrivacIE
[2010/01/30 22:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\IETldCache
[2010/01/30 21:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/30 21:54:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/30 18:51:50 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 14:51:40 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/01/25 12:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en
[2010/01/22 20:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wayne Noble\Application Data\SystemProc
[2010/01/22 20:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4}
[2010/01/22 19:54:02 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/01/22 19:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/22 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/22 00:08:13 | 000,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/22 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/22 00:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\Downloaded Installations
[2010/01/21 23:20:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/21 23:01:03 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/21 23:01:03 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/21 23:00:57 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne Noble\Application Data\PC Tools
[2010/01/21 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/21 23:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/21 22:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/21 21:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/20 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/13 03:33:43 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/21 16:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Hotspot_Shield
[2008/07/10 05:59:27 | 000,642,540 | ---- | C] (Xvid team ) -- C:\Program Files\Xvid-1.1.3-27042008.exe
[2007/12/20 15:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/28 07:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/09/12 13:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/06/09 12:39:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/01 17:41:24 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/01 17:40:18 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/02/01 17:40:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 17:39:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/01 17:39:06 | 1071,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/01 03:58:52 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbam-setup.exe
[2010/02/01 03:44:40 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\ntuser.dat
[2010/02/01 03:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/02/01 03:33:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Wayne Noble\NTUSER.INI
[2010/02/01 03:17:03 | 000,000,648 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/02/01 03:13:52 | 000,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/01/31 15:34:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/31 12:41:03 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/31 00:33:06 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/31 00:24:17 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Noble\Desktop\OTL.exe
[2010/01/30 23:46:52 | 000,209,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Wayne Noble\Desktop\uninstall_flash_player.exe
[2010/01/30 21:58:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 21:07:37 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/30 20:51:15 | 000,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2010/01/30 19:20:34 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 18:51:51 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wayne Noble\Desktop\mbamsetup.exe
[2010/01/30 18:30:33 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/30 18:30:32 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/30 16:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/30 12:52:04 | 000,004,286 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/30 12:52:03 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/25 20:05:17 | 000,000,634 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Wayne Noble.job
[2010/01/25 16:42:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:10:23 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en.zip
[2010/01/24 01:58:58 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 20:56:33 | 001,088,512 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2010/01/22 20:34:57 | 000,000,009 | ---- | M] () -- C:\confin.sys
[2010/01/22 18:49:24 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:55 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/21 21:50:01 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/01/21 12:24:16 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | M] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2010/01/05 05:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/01 03:53:39 | 000,087,040 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2010/02/01 03:53:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vfind.exe
[2010/02/01 03:53:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\moveex.exe
[2010/02/01 03:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/30 21:21:14 | 1071,714,304 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/25 12:34:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/25 12:10:22 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\IceSword122en.zip
[2010/01/24 01:58:58 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/22 20:56:33 | 001,088,512 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2010/01/22 20:34:57 | 000,000,009 | ---- | C] () -- C:\confin.sys
[2010/01/22 20:33:06 | 000,004,286 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\avp.ico
[2010/01/22 20:33:06 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/01/22 20:32:56 | 000,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/22 20:09:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/22 20:06:58 | 000,000,648 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/22 20:06:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/22 18:49:24 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:02:54 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\barresume.doc
[2010/01/22 01:06:55 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\HijackThis.lnk
[2010/01/22 00:08:16 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2010/01/22 00:08:15 | 000,000,478 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job
[2010/01/22 00:08:15 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/01/21 23:20:59 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/21 23:01:03 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/21 23:01:03 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/21 23:00:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/21 21:50:12 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/01/21 21:50:11 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/01/21 12:24:16 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/20 18:20:22 | 000,004,533 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\index.php
[2010/01/05 20:27:44 | 000,014,453 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\resume.htm
[2010/01/05 19:32:48 | 000,004,043 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\links.htm
[2009/12/26 00:07:24 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\Dr--iXA0_rR.dll
[2009/02/18 14:43:08 | 000,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2008/08/28 10:03:20 | 000,024,155 | ---- | C] () -- C:\Program Files\orilliapic.jpg
[2008/08/10 12:33:11 | 000,016,190 | ---- | C] () -- C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent
[2008/08/10 12:30:38 | 000,017,276 | ---- | C] () -- C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent
[2008/07/11 10:35:54 | 000,014,006 | ---- | C] () -- C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent
[2008/07/10 08:49:37 | 000,012,732 | ---- | C] () -- C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent
[2008/07/10 06:00:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/10 06:00:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/08 09:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008/03/17 09:02:44 | 000,022,764 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\Microsoft Excel.ADR
[2007/11/18 11:07:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/01 10:16:19 | 000,000,396 | ---- | C] () -- C:\WINDOWS\Prestopm.INI
[2007/03/31 13:22:11 | 000,000,703 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007/03/27 10:54:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/26 13:41:42 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2007/03/26 13:41:42 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\DMAPI.dll
[2006/09/09 16:05:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/04/14 21:30:47 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2006/01/31 14:26:27 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/01/12 19:51:52 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005/07/15 05:33:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2005/02/19 09:15:11 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Burn and Go Nitro.ini
[2005/02/09 20:24:56 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2005/02/09 17:24:29 | 003,691,666 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\imageCache.db
[2005/02/09 16:20:49 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2005/01/09 13:19:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/09 16:45:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JPR.{PB
[2004/12/09 16:45:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\PFP110JCM.{PB
[2004/09/11 15:44:12 | 000,000,613 | ---- | C] () -- C:\WINDOWS\pmontage.ini
[2004/09/11 15:44:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Pm_setup.ini
[2004/09/11 15:43:42 | 000,000,745 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2004/09/11 15:10:20 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson880.ini
[2004/09/09 14:27:04 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/09/09 14:27:04 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7651CD09DA.sys
[2004/07/09 14:41:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/09 14:38:32 | 000,000,184 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2004/07/09 14:27:59 | 000,043,786 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2004/07/09 14:23:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2004/07/09 14:23:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2004/07/09 14:23:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2004/07/09 14:23:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2004/07/09 14:22:39 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2004/07/09 10:32:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Application Data\dm.ini
[2004/06/26 07:05:02 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/22 11:23:22 | 000,001,908 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/18 20:48:07 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/06/18 20:37:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/18 20:32:09 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/06/18 20:31:57 | 000,000,123 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/06/09 13:17:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/06/09 13:09:17 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/06/09 13:08:36 | 000,000,516 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/06/09 13:04:35 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/09 12:55:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/09 12:55:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/06/09 12:42:04 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/13 08:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 05:00:00 | 000,037,376 | ---- | C] () -- C:\WINDOWS\kbet70A.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Wayne Noble\Desktop\~:SummaryInformation
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Re: Malware Defense Removal

Post by Belahzur on Tue Feb 02, 2010 8:27 pm

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Malware Defense Removal

Post by DNoble on Tue Feb 02, 2010 9:06 pm

GooredFix by jpshortstuff (08.01.10.1)
Log created at 16:05 on 02/02/2010 (Wayne Noble)
Firefox version 3.5.7 (en-GB)

========== GooredScan ==========

Deleting "C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}" -> Success!
(none)
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{47D99070-1169-4A6B-AA14-DB1810417EF5} -> Success!
Deleting C:\Documents and Settings\Administrator.DBQMM051\Local Settings\Application Data\{47D99070-1169-4A6B-AA14-DB1810417EF5} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} -> Success!
Deleting C:\Documents and Settings\Wayne Noble\Local Settings\Application Data\{3E474B84-AD1B-4CC9-8CD2-D92BB554F4F4} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{4a4f15aa-8569-f02e-7cb6-b10fe045b81c} [01:06 23/01/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:45 10/12/2008]
{B13721C7-F507-4982-B2E5-502A71474FED} [21:56 22/11/2009]

C:\Documents and Settings\Wayne Noble\Application Data\Mozilla\Firefox\Profiles\awc5jfy8.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:41 22/11/2009]

-=E.O.F=-


Re: Malware Defense Removal

Post by Belahzur on Wed Feb 03, 2010 12:43 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O2 - BHO: (C:\WINDOWS\system32\k8efzgigz.dll) - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS\System32\k8efzgigz.dll File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O22 - SharedTaskScheduler: {C4BF49A2-94F1-42BD-F034-3604811C807D} - lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - C:\WINDOWS\System32\k8efzgigz.dll File not found
    O32 - AutoRun File - [2006/12/08 02:36:34 | 000,000,042 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    [2010/02/01 03:13:52 | 000,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
    [2010/01/31 15:34:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Trorodizi.dat
    [2010/02/01 03:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
    [2008/08/10 12:33:11 | 000,016,190 | ---- | C] () -- C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent
    [2008/08/10 12:30:38 | 000,017,276 | ---- | C] () -- C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent
    [2008/07/11 10:35:54 | 000,014,006 | ---- | C] () -- C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent
    [2008/07/10 08:49:37 | 000,012,732 | ---- | C] () -- C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


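The OTL fix above is built by reading two kinds of report lines by eye: file entries of the form `[date | size | attrs | C/M] (Company) -- path`, and O4/O6 autostart entries whose target path is suspicious (here an `lsass.exe` living under a user's Application Data folder). The following is an added example, not code from OTL, GooredFix or the helpers in this thread, that parses those two line shapes and applies the same triage checks mechanically. The report time `REPORT_TIME`, the list of core process names in `SYSTEM_PROCESS_NAMES`, and the benign O4 line in the sample are assumptions made for the example; the other sample lines are copied from the report posted earlier in this thread.

```python
"""Triage helpers for OTL-style log lines (added example, not OTL's own code)."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Sequence

# OTL file entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (Company) -- path
FILE_ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Any Windows path ending in .exe inside an O4/O6 autostart line.
EXE_PATH_RE = re.compile(r"[A-Za-z]:\\[^()\r\n]*?\.exe", re.IGNORECASE)
# Assumed list of core Windows process names that malware commonly borrows.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                        "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM32 = "c:\\windows\\system32"


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when OTL printed "()"
    path: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for an OTL file line, or None for any other line."""
    m = FILE_ENTRY_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"],
        company=m["company"].strip(), path=m["path"].strip())


def flag_recent_unattributed(entries: Sequence[FileEntry], report_time: datetime,
                             days: int = 30, roots=("c:\\windows\\",)) -> List[str]:
    """Files created within `days` of the report, with no company name, under `roots`."""
    cutoff = report_time - timedelta(days=days)
    return [e.path for e in entries
            if e.kind == "C" and e.timestamp >= cutoff and not e.company
            and e.path.lower().startswith(roots)]


def find_masquerading_targets(lines: Sequence[str]) -> List[str]:
    """Autostart targets named like a core process but not located in System32."""
    hits = []
    for line in lines:
        if not re.match(r"^O[46] - ", line.strip()):
            continue
        for path in EXE_PATH_RE.findall(line):
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in SYSTEM_PROCESS_NAMES and folder != SYSTEM32:
                hits.append(path)
    return hits


def triage(log_text: str, report_time: datetime) -> Dict[str, List[str]]:
    """Run both checks over a whole OTL report and return the flagged paths."""
    lines = log_text.splitlines()
    entries = [e for e in map(parse_file_entry, lines) if e]
    return {"recent_unattributed": flag_recent_unattributed(entries, report_time),
            "masquerading_targets": find_masquerading_targets(lines)}


# Constructed sample: lines copied from the report in this thread, plus one
# benign O4 entry (ctfmon.exe) made up for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe (HellFire)
[2010/02/01 03:53:39 | 000,428,032 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/02/01 03:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Iqajocimafeyute.bin
[2010/01/22 20:32:56 | 000,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/01/22 20:09:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Trorodizi.dat
[2010/01/22 20:56:33 | 001,088,512 | ---- | C] () -- C:\Documents and Settings\Wayne Noble\Desktop\Combo-Fix.exe
[2006/09/09 16:05:19 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2010/02/01 17:41:24 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
"""
# Assumed: roughly when the OTL report above was generated.
REPORT_TIME = datetime(2010, 2, 1, 17, 45, 0)

if __name__ == "__main__":
    for label, paths in triage(SAMPLE_LOG, REPORT_TIME).items():
        print(label)
        for p in paths:
            print("   ", p)
```

The first check reproduces why `Iqajocimafeyute.bin`, `Trorodizi.dat` and `warning.html` ended up in the fix while `swreg.exe` (a known vendor name, dropped by ComboFix) and the old `BBW_INFO.INI` did not; the second catches the `SystemProc\lsass.exe` policy entry regardless of which O4/O6 key carries it. Neither check is proof of infection on its own; they narrow a multi-thousand-line report to the handful of entries worth looking at.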

Re: Malware Defense Removal

Post by DNoble on Wed Feb 03, 2010 4:43 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\RTHDBPL deleted successfully.
C:\Documents and Settings\Wayne Noble\Application Data\SystemProc\lsass.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C4BF49A2-94F1-42BD-F034-3604811C807D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BF49A2-94F1-42BD-F034-3604811C807D}\ not found.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\warning.html moved successfully.
C:\WINDOWS\Trorodizi.dat moved successfully.
C:\WINDOWS\Iqajocimafeyute.bin moved successfully.
C:\Program Files\Abby+Winters+Presents+-+Rosanna+&+Chloe+B.mpg.torrent moved successfully.
C:\Program Files\Abby_Winters_-_Tiff_amp_Nadine_2_Girl_Girl_.wmv.torrent moved successfully.
C:\Program Files\[isoHunt]_Led_Zeppelin_-_Led_Zeppelin_I_{Original_master}_(1969)_[EAC_-_VB.torrent moved successfully.
C:\Program Files\[isoHunt]_Rodney_Moore_-_Horny_hairy_girls_19.mpg.torrent moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02022010_233505

Files\Folders moved on Reboot...
File move failed. D:\Autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Re: Malware Defense Removal

Post by Belahzur on Wed Feb 03, 2010 7:56 pm

That autorun file doesn't wanna leave, does it? Oh well, time to get the bigger guns out.

Please download [You must be registered and logged in to see this link.] to your Desktop and run it by double clicking the program's icon.

  1. Wait a couple of seconds for initial scan to finish.
  2. Connect all of your USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds.
  3. If there are more USB storage devices to scan, please take a note about the order in which these were connected.
  4. After all the devices are scanned, right click in the Monitor tab, and choose "Save log". That will open the log in Notepad. Please copy and paste the log into this thread.
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.



Re: Malware Defense Removal

Post by DNoble on Sun Feb 07, 2010 7:57 pm

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 07/02/2010 2:53:51 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {cb5ec364-c18a-11d8-b826-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for cb5ec364-c18a-11d8-b826-806d6172696f
----------------------------------------
Desktop.ini found at C:\INCINERATE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={23CE4E06-2508-11D0-1977-0734210ABE0B}
----------------------------------------
CLSID not found in registry
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 07/02/2010 2:55:40 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {70ab2198-0f0f-11df-be4d-000f1f4bbea8}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 70ab2198-0f0f-11df-be4d-000f1f4bbea8
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Re: Malware Defense Removal

Post by Belahzur on Sun Feb 07, 2010 8:05 pm

Hello.
What is the D:\ drive?



Re: Malware Defense Removal

Post by DNoble on Mon Feb 08, 2010 6:57 am

It's a DVD/disk drive, I guess you call it.
There are two disk drives, D and E.


Re: Malware Defense Removal

Post by Belahzur on Mon Feb 08, 2010 8:09 pm

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

