GeekPolice

Possible Virus, have OTL logs


Post by robyn1112 on Fri May 14, 2010 10:26 pm

Hello,
I've been having some virus issues off and on for several months. I'm usually able to take care of the "on the surface" problems, but I doubt that I am actually getting completely rid of the virus. For the most recent attack, I had to use a renamed version of rkill. Things are running fine right now, but I have a feeling that I haven't taken care of everything. I downloaded and ran OTL with the specific instructions found in the new user guide. I will post those below.
Thanks in advance for your help!

OTL logfile created on: 5/14/2010 9:44:17 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Robyn\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 476.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 17.54 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.61 Gb Total Space | 12.02 Gb Free Space | 82.31% Space Free | Partition Type: NTFS
Drive F: | 23.56 Gb Total Space | 13.02 Gb Free Space | 55.27% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBYN-MACHINE1
Current User Name: Robyn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/11 17:05:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robyn\Desktop\OTL.exe
PRC - [2010/04/22 08:24:48 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 08:24:41 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/03 08:47:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/27 12:41:12 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/27 12:41:09 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/27 12:40:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/14 18:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007/04/03 21:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/05/16 23:15:10 | 000,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2006/04/01 13:40:12 | 000,375,296 | ---- | M] () -- C:\Program Files\Muiltmedia keyboard utility\1.3\KBDAP32A.EXE
PRC - [2005/11/10 13:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/06/20 09:42:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2005/05/03 23:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2005/03/07 08:33:28 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2001/11/20 06:51:28 | 000,356,352 | ---- | M] () -- C:\Program Files\Belkin Mouse 1.0\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2010/05/11 17:05:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robyn\Desktop\OTL.exe
MOD - [2006/10/22 13:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2001/12/25 21:28:26 | 000,057,344 | ---- | M] () -- C:\Program Files\Belkin Mouse 1.0\MOUDL32A.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (avast! Web Scanner)
SRV - File not found [On_Demand | Stopped] -- -- (avast! Mail Scanner)
SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2010/03/27 12:40:21 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/05/04 01:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)


========== Driver Services (SafeList) ==========

DRV - [2010/04/22 08:24:42 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/27 12:41:59 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/27 12:41:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/09 06:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 06:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 06:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/06/20 10:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/07/29 01:14:22 | 000,091,577 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {5F4EF925-AF99-4469-8B86-FCA1EF96157E}:1.9.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{5F4EF925-AF99-4469-8B86-FCA1EF96157E}: C:\Documents and Settings\Robyn\Local Settings\Application Data\{5F4EF925-AF99-4469-8B86-FCA1EF96157E} [2010/01/13 14:15:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/26 00:49:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/26 17:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 00:51:09 | 000,000,000 | ---D | M]

[2009/12/17 23:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robyn\Application Data\Mozilla\Extensions
[2010/04/26 07:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robyn\Application Data\Mozilla\Firefox\Profiles\om4aj4xo.default\extensions
[2010/05/13 23:16:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/04/26 09:34:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/17 23:32:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/04/26 09:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\bttoolbar
[2006/04/26 09:31:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\bttoolbar081
[2006/04/26 09:31:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\chrome
[2006/04/26 09:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\firefoxplugin
[2008/02/02 19:17:21 | 000,090,112 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2006/05/06 14:21:09 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/01/22 17:21:24 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2010/01/23 19:44:39 | 000,373,589 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 12876 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\Mouse32A.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html ()
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in My Computer)
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} [You must be registered and logged in to see this link.] (Mines Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} [You must be registered and logged in to see this link.] (PogoWebLauncher Control)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} [You must be registered and logged in to see this link.] (BJA Control)
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} [You must be registered and logged in to see this link.] (Shapetris Control)
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} [You must be registered and logged in to see this link.] (Word Cubes Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} [You must be registered and logged in to see this link.] (CPlayFirstzenerchiControl Object)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} [You must be registered and logged in to see this link.] (Royal Control)
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} [You must be registered and logged in to see this link.] (Chess Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/01 10:53:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{351059c6-89cf-11dd-a280-00142ab9cbe2}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{351059c6-89cf-11dd-a280-00142ab9cbe2}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{351059c6-89cf-11dd-a280-00142ab9cbe2}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{351059c6-89cf-11dd-a280-00142ab9cbe2}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{351059c6-89cf-11dd-a280-00142ab9cbe2}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/01 10:53:13 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 10:10:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/11 17:05:09 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robyn\Desktop\OTL.exe
[2010/05/11 16:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robyn\Local Settings\Application Data\qhbblaxfg
[2003/12/09 13:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\Robyn\*.tmp files -> C:\Documents and Settings\Robyn\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2025/10/21 17:16:44 | 000,003,120 | ---- | M] () -- C:\WINDOWS\BQSHYJ2R.ocx
[2025/10/19 22:48:23 | 000,003,120 | ---- | M] () -- C:\WINDOWS\F9B5D4PH.ocx
[2025/10/18 04:20:02 | 000,003,120 | ---- | M] () -- C:\WINDOWS\VO63QJ2E.ocx
[2025/10/16 09:51:41 | 000,003,120 | ---- | M] () -- C:\WINDOWS\NWQNADHB.ocx
[2025/10/14 15:23:21 | 000,003,120 | ---- | M] () -- C:\WINDOWS\O83PPKBG.ocx
[2025/10/12 20:55:00 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\GHP6JVUB.ocx
[2025/10/11 02:26:39 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\2KG2D6GN.ocx
[2025/10/09 07:58:18 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\E2DGHAFK.ocx
[2025/10/07 13:29:57 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\KJIXEDQK.ocx
[2025/10/05 19:01:36 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\S239DIEF.ocx
[2010/05/14 19:45:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/14 18:55:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Robyn\Local Settings\Application Data\prvlcl.dat
[2010/05/14 18:44:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/14 17:21:05 | 059,999,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/13 20:03:36 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Robyn\ntuser.dat
[2010/05/13 16:37:29 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\When I was thirteen.doc
[2010/05/13 09:50:44 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\cummins invoice.doc
[2010/05/12 23:01:11 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Robyn\Desktop\parenting.xls
[2010/05/12 22:28:15 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\christophers cookbook letterhead.doc
[2010/05/12 18:42:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/11 17:16:21 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Robyn\Desktop\Shortcut to iExplore.exe.lnk
[2010/05/11 17:07:30 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Robyn\Desktop\rkill.com
[2010/05/11 17:05:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robyn\Desktop\OTL.exe
[2010/05/11 16:11:36 | 000,000,025 | ---- | M] () -- C:\WINDOWS\herjek.config
[2010/05/10 22:30:16 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\staples menu week 7 half sheet.pub
[2010/05/09 21:00:05 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\chris lease.doc
[2010/05/06 22:22:14 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\springcarnival signs.pub
[2010/05/06 09:40:29 | 000,850,432 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\Spring Carnival Program 09.pub
[2010/05/05 22:07:36 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\Spring Carnival Game Instructions.doc
[2010/05/02 21:02:01 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Robyn\Desktop\tshirts.doc
[2010/04/28 08:52:32 | 000,202,955 | ---- | M] () -- C:\Documents and Settings\Robyn\Desktop\tshirt.jpg
[2010/04/26 09:40:48 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\aisin menu.pub
[2010/04/26 08:39:35 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\Other Local Child Psychiatrists.doc
[2010/04/26 00:51:17 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/26 00:51:06 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 00:50:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 00:50:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 00:48:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Robyn\ntuser.ini
[2010/04/25 22:04:51 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\Spring Carnival Teacher Sign-up.doc
[2010/04/25 22:00:09 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\spring carnival job assign09.doc
[2010/04/22 11:27:58 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Robyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 08:24:42 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/21 22:24:30 | 002,090,496 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\Spring Carnival Flyer.pub
[2010/04/19 10:41:06 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\staples menu week 6 half sheet.pub
[2010/04/18 11:06:37 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\spring carnival volunteer 10.doc
[2010/04/15 07:36:38 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\ticket order form.doc
[2010/04/14 21:50:18 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Robyn\My Documents\spring carnival volunteer 08.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\Documents and Settings\Robyn\*.tmp files -> C:\Documents and Settings\Robyn\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2025/10/21 17:16:44 | 000,003,120 | ---- | C] () -- C:\WINDOWS\BQSHYJ2R.ocx
[2025/10/19 22:48:23 | 000,003,120 | ---- | C] () -- C:\WINDOWS\F9B5D4PH.ocx
[2025/10/18 04:20:02 | 000,003,120 | ---- | C] () -- C:\WINDOWS\VO63QJ2E.ocx
[2025/10/16 09:51:41 | 000,003,120 | ---- | C] () -- C:\WINDOWS\NWQNADHB.ocx
[2025/10/14 15:23:21 | 000,003,120 | ---- | C] () -- C:\WINDOWS\O83PPKBG.ocx
[2025/10/12 20:55:00 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\GHP6JVUB.ocx
[2025/10/11 02:26:39 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\2KG2D6GN.ocx
[2025/10/09 07:58:18 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\E2DGHAFK.ocx
[2025/10/07 13:29:57 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\KJIXEDQK.ocx
[2025/10/05 19:01:36 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\S239DIEF.ocx
[2010/05/13 16:37:28 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\When I was thirteen.doc
[2010/05/12 22:53:21 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Robyn\Desktop\parenting.xls
[2010/05/12 22:45:18 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\cummins invoice.doc
[2010/05/12 22:28:14 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\christophers cookbook letterhead.doc
[2010/05/11 17:16:21 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Robyn\Desktop\Shortcut to iExplore.exe.lnk
[2010/05/11 17:07:29 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Robyn\Desktop\rkill.com
[2010/05/11 16:11:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\herjek.config
[2010/05/11 16:11:05 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\Robyn\Local Settings\Application Data\asam.exe
[2010/05/11 16:10:04 | 000,061,184 | ---- | C] () -- C:\Documents and Settings\Robyn\Local Settings\Application Data\syssvc.exe
[2010/05/09 21:00:05 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\chris lease.doc
[2010/05/05 22:26:52 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\springcarnival signs.pub
[2010/05/05 22:07:35 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\Spring Carnival Game Instructions.doc
[2010/05/02 21:02:01 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Robyn\Desktop\tshirts.doc
[2010/04/28 08:52:30 | 000,202,955 | ---- | C] () -- C:\Documents and Settings\Robyn\Desktop\tshirt.jpg
[2010/04/26 09:40:48 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\aisin menu.pub
[2010/04/26 08:39:35 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\Other Local Child Psychiatrists.doc
[2010/04/25 16:32:28 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\staples menu week 7 half sheet.pub
[2010/04/19 10:41:05 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\staples menu week 6 half sheet.pub
[2010/04/18 11:06:37 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Robyn\My Documents\spring carnival volunteer 10.doc
[2010/03/31 09:04:12 | 000,000,073 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2010/01/23 19:34:20 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/15 16:14:14 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/12/30 23:36:33 | 000,001,085 | ---- | C] () -- C:\WINDOWS\oregon.ini
[2007/06/24 17:57:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/01/12 13:17:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/24 19:06:51 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/07/24 19:06:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/07/24 19:06:50 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/07/24 19:06:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/24 19:06:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/07/02 13:51:53 | 000,002,321 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/06/13 19:31:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/06/13 19:20:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/04/03 08:16:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/01 12:18:35 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/04/01 11:09:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/31 14:56:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/03/31 14:56:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/03/31 14:56:49 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/08/04 08:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 08:19:41 | 001,850,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/01/28 18:09:19 | 524,288,000 | ---- | M] () -- C:\.fuse_hidden0000000200000001
[2010/01/29 09:38:46 | 524,288,000 | ---- | M] () -- C:\.fuse_hidden0000000200000002
[2010/02/03 19:35:05 | 524,288,000 | ---- | M] () -- C:\.fuse_hidden0000000200000003
[2006/04/01 10:53:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/23 10:13:07 | 000,001,004 | ---- | M] () -- C:\BIOSLOCK.INI
[2010/02/09 07:44:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/04/01 10:53:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/11/01 21:50:51 | 000,000,227 | ---- | M] () -- C:\CtDrvIns.log
[2006/11/01 21:51:54 | 000,003,031 | ---- | M] () -- C:\CtDrvStp.log
[2004/12/29 01:57:36 | 000,017,505 | R--- | M] () -- C:\DBI.EXE
[2010/02/08 00:25:27 | 000,021,182 | ---- | M] () -- C:\DDS.txt
[2008/03/22 04:19:11 | 000,026,047 | ---- | M] () -- C:\debug.log
[2006/04/01 10:53:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/23 20:37:26 | 000,000,488 | ---- | M] () -- C:\JavaRa.log
[2006/04/01 10:53:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/26 00:50:07 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2009/04/24 22:24:19 | 000,015,196 | ---- | M] () -- C:\Player Loader_log.txt
[2009/03/08 01:39:27 | 000,023,148 | ---- | M] () -- C:\playground.log
[2010/05/11 17:16:29 | 000,000,552 | ---- | M] () -- C:\rkill.log
[2010/04/26 00:51:04 | 000,000,608 | ---- | M] () -- C:\sti.log
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2006/11/01 22:06:30 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2006/08/16 15:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\321Studios
[2010/02/22 20:44:12 | 000,000,000 | ---D | M] -- C:\Program Files\AAALOGO2010
[2006/07/09 19:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/04/01 12:54:08 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2010/03/27 12:08:06 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/08/01 23:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Games
[2008/09/26 22:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/03/27 12:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/12/21 16:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Azureus
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\BearFlix
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\BearShare Applications
[2006/06/14 14:59:16 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin Mouse 1.0
[2009/07/12 19:30:47 | 000,000,000 | ---D | M] -- C:\Program Files\Burger Island
[2008/04/15 16:16:47 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/04/15 16:06:25 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2009/07/12 19:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/04/01 10:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/02/02 19:17:21 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2009/07/12 19:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Cyanide
[2008/01/10 20:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2010/01/23 18:41:48 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Go Go Gourmet
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Gold Miner
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Hasbro Interactive
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/07/12 19:31:37 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/03/31 03:01:58 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/07/22 00:12:27 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/07/22 00:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2007/12/20 23:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\iWin
[2010/01/23 20:29:52 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/07/24 19:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/01/20 17:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\Labtec
[2006/07/14 13:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2006/10/31 16:06:40 | 000,000,000 | ---D | M] -- C:\Program Files\LG Drivers
[2008/07/18 16:48:43 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2009/08/01 23:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/02/09 01:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2006/07/10 11:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\Memorex exPressit Label Design Studio
[2008/08/15 03:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/04/01 11:08:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/04/01 10:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/05/20 19:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/04/01 11:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Small Business
[2006/04/01 12:00:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2006/04/01 11:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2006/04/01 11:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2006/04/01 11:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/04/01 11:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/01/23 18:41:48 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/03/10 04:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/05/14 21:39:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/31 08:57:22 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 Player Utilities 4.18
[2008/05/20 19:41:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/04/01 10:49:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/04/01 10:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/04/17 03:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/04/01 13:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\Muiltmedia keyboard utility
[2007/04/05 10:15:07 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2007/08/19 13:23:34 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2007/09/23 22:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\Neoteris
[2006/04/01 10:51:25 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/12/20 23:44:38 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2007/12/20 23:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/13 03:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/07/23 21:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoViewer
[2009/06/24 19:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2009/10/14 17:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2008/10/31 13:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\ProCooking
[2009/08/01 23:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2006/04/01 12:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\S3
[2008/04/15 16:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/01/23 18:41:47 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2006/05/03 21:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Serif
[2010/03/27 09:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/23 18:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2006/04/01 11:00:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/08/01 23:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\USB Vibration Joystick
[2007/06/24 17:57:02 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2006/04/01 12:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2009/08/01 23:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2007/06/24 18:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2006/07/24 19:12:25 | 000,000,000 | ---D | M] -- C:\Program Files\WinAVIVideoConverter
[2007/01/12 13:17:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/04/01 10:49:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/04/01 10:52:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/07/26 12:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/12/31 00:59:33 | 000,000,000 | ---D | M] -- C:\Program Files\WON
[2006/04/01 10:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/06/16 19:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/07/12 19:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
[2008/10/31 13:09:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2006/07/09 19:52:04 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\Robyn\Application Data\AdobeDLM.log
[2006/03/31 14:59:52 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Robyn\Application Data\desktop.ini
[2006/07/09 19:52:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Robyn\Application Data\dm.ini


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\usbstor.sys

< MD5 for: VIAMRAID.SYS >
[2005/04/25 23:22:40 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-13 07:04:37
< End of report >

robyn1112

Re: Possible Virus, have OTL logs

Post by robyn1112 on Fri May 14, 2010 10:26 pm

Here is the OTL Extras file.

OTL Extras logfile created on: 5/14/2010 9:44:17 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Robyn\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 476.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 17.54 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.61 Gb Total Space | 12.02 Gb Free Space | 82.31% Space Free | Partition Type: NTFS
Drive F: | 23.56 Gb Total Space | 13.02 Gb Free Space | 55.27% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBYN-MACHINE1
Current User Name: Robyn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12542:TCP" = 12542:TCP:*:Disabled:BitComet 12542 TCP
"12542:UDP" = 12542:UDP:*:Disabled:BitComet 12542 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord -- File not found
"C:\Program Files\BearFlix\bearflix.exe" = C:\Program Files\BearFlix\bearflix.exe:*:Disabled:BearFlix -- File not found
"F:\Program Files\BearShare\BearShare.exe" = F:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\BearShare\BearShare.exe" = C:\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Cyanide\Cycling Manager\CyclingManager.exe" = C:\Program Files\Cyanide\Cycling Manager\CyclingManager.exe:*:Disabled:CyclingManager -- File not found
"C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe" = C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe:*:Disabled:dsTermServ Module -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Robyn\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Robyn\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Disabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\ACSPMonitor\ASMonitor.exe" = C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Disabled:System -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{57496D70-3C5A-4197-9908-128101444B73}" = USB Vibration Joystick
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"AAA Logo Free Trial_is1" = AAA Logo 3.10 Free Trial
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"AVG9Uninstall" = AVG Free 9.0
"Azureus" = Azureus
"Belkin Mouse Belkin Mouse" = Belkin Mouse 1.0
"Canon MX700 series User Registration" = Canon MX700 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Gold Miner_is1" = Gold Miner
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.25
"Labtec Desktop V5.1" = Labtec Desktop V5.1
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Muiltmedia keyboard utility 1.3" = Muiltmedia keyboard utility 1.3
"MVApplication1" = Memorex exPressit Label Design Studio
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"ProCooking" = ProCooking
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"VCast Music Essentials Manager" = V CAST Music Essentials Manager
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Winamp" = Winamp (remove only)
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Term_Services" = Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2010 1:27:52 PM | Computer Name = ROBYN-MACHINE1 | Source = nview_info | ID = 11141121
Description =

Error - 5/1/2010 1:27:52 PM | Computer Name = ROBYN-MACHINE1 | Source = nview_info | ID = 11141121
Description =

Error - 5/1/2010 1:27:52 PM | Computer Name = ROBYN-MACHINE1 | Source = nview_info | ID = 11141121
Description =

Error - 5/13/2010 4:33:31 PM | Computer Name = ROBYN-MACHINE1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2010 4:36:55 PM | Computer Name = ROBYN-MACHINE1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2010 7:56:02 PM | Computer Name = ROBYN-MACHINE1 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 5/13/2010 7:56:09 PM | Computer Name = ROBYN-MACHINE1 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 5/13/2010 7:56:12 PM | Computer Name = ROBYN-MACHINE1 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 5/13/2010 7:56:17 PM | Computer Name = ROBYN-MACHINE1 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 5/14/2010 9:48:02 PM | Computer Name = ROBYN-MACHINE1 | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 9.0.0.814, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/9/2010 12:00:47 PM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%2

Error - 4/9/2010 12:00:47 PM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswSP aswTdi

Error - 4/14/2010 3:28:09 AM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 4/14/2010 3:28:09 AM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%2

Error - 4/14/2010 3:28:09 AM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswSP aswTdi

Error - 4/24/2010 7:10:59 PM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 4/26/2010 12:51:03 AM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 4/26/2010 12:51:03 AM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%2

Error - 4/26/2010 12:51:14 AM | Computer Name = ROBYN-MACHINE1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswSP aswTdi

Error - 5/6/2010 9:42:22 AM | Computer Name = ROBYN-MACHINE1 | Source = Print | ID = 6161
Description = The document springcarnival signs owned by Robyn failed to print on
printer Canon MX700 series Printer. Data type: NT EMF 1.008. Size of the spool
file in bytes: 196608. Number of bytes printed: 79312. Total number of pages in
the document: 6. Number of pages printed: 0. Client machine: \\ROBYN-MACHINE1. Win32
error code returned by the print processor: 13 (0xd).


< End of report >


Re: Possible Virus, have OTL logs

Post by Belahzur on Sat May 15, 2010 6:32 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Possible Virus, have OTL logs

Post by robyn1112 on Sat May 15, 2010 11:48 pm

Here's what I got... Thanks for your help!!!

ComboFix 10-05-15.01 - Robyn 05/15/2010 23:33:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.382 [GMT -4:00]
Running from: c:\documents and settings\Robyn\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robyn\Local Settings\Application Data\{5F4EF925-AF99-4469-8B86-FCA1EF96157E}
c:\documents and settings\Robyn\Local Settings\Application Data\{5F4EF925-AF99-4469-8B86-FCA1EF96157E}\chrome.manifest
c:\documents and settings\Robyn\Local Settings\Application Data\{5F4EF925-AF99-4469-8B86-FCA1EF96157E}\chrome\content\_cfg.js
c:\documents and settings\Robyn\Local Settings\Application Data\{5F4EF925-AF99-4469-8B86-FCA1EF96157E}\chrome\content\overlay.xul
c:\documents and settings\Robyn\Local Settings\Application Data\{5F4EF925-AF99-4469-8B86-FCA1EF96157E}\install.rdf
c:\documents and settings\Robyn\Local Settings\Application Data\qhbblaxfg
c:\documents and settings\Robyn\Local Settings\Application Data\qhbblaxfg\srknkpdtssd.exe
c:\documents and settings\Robyn\Recent\Thumbs.db
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\herjek.config
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-04-16 to 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-12 14:10 . 2010-05-12 14:10 -------- d-----w- c:\windows\LastGood

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 00:55 . 2010-03-28 17:48 0 ----a-w- c:\documents and settings\Robyn\Local Settings\Application Data\prvlcl.dat
2010-05-12 21:45 . 2006-07-03 21:50 -------- d-----w- c:\documents and settings\Robyn\Application Data\Azureus
2010-04-26 04:51 . 2009-08-01 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-22 12:24 . 2010-04-22 12:24 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-22 12:24 . 2010-03-27 16:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-22 12:23 . 2010-04-22 12:23 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-31 12:59 . 2010-03-31 12:59 766 ----a-r- c:\documents and settings\Robyn\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2010-03-31 12:59 . 2010-03-31 12:59 2550 ----a-r- c:\documents and settings\Robyn\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0727E5AC67F43141071FB8.exe
2010-03-31 12:59 . 2010-03-31 12:59 1518 ----a-r- c:\documents and settings\Robyn\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_64CF0F5A56F714996FE0BF.exe
2010-03-31 12:59 . 2010-03-31 12:59 1078 ----a-r- c:\documents and settings\Robyn\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_D32E910E796D9B1992CC0A.exe
2010-03-31 12:59 . 2010-03-31 12:59 1078 ----a-r- c:\documents and settings\Robyn\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_1661033BF80E250A89F8FC.exe
2010-03-31 12:59 . 2010-03-31 12:59 10134 ----a-r- c:\documents and settings\Robyn\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_84851EE9B80B38F45D2097.exe
2010-03-31 12:57 . 2010-03-31 12:57 -------- d-----w- c:\program files\MP3 Player Utilities 4.18
2010-03-27 16:42 . 2010-03-27 16:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-27 16:41 . 2010-03-27 16:41 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-27 16:41 . 2010-03-27 16:41 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-27 16:38 . 2010-03-27 16:38 -------- d-----w- c:\program files\AVG
2010-03-27 16:38 . 2010-03-27 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-27 16:21 . 2010-03-23 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-27 16:08 . 2007-08-19 20:24 -------- d-----w- c:\program files\Alwil Software
2010-03-27 13:29 . 2006-08-16 17:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-10 08:02 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 10:09 . 2007-08-19 20:24 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 10:08 . 2007-08-19 20:24 100432 ------w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 10:08 . 2007-08-19 20:24 94800 ------w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 10:08 . 2007-08-19 20:24 28880 ------w- c:\windows\system32\drivers\aavmker4.sys
2010-02-26 06:12 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2004-08-04 12:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-20 1957888]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2005-03-11 147456]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"FLMK08KB"="c:\program files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [2006-04-01 207360]
"LWBMOUSE"="c:\program files\Belkin Mouse 1.0\MOUSE32A.EXE" [2001-11-20 356352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-27 16:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Robyn\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12542:TCP"= 12542:TCP:*:Disabled:BitComet 12542 TCP
"12542:UDP"= 12542:UDP:*:Disabled:BitComet 12542 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/27/2010 12:41 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/27/2010 12:42 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/27/2010 12:40 PM 308064]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Robyn\Application Data\Mozilla\Firefox\Profiles\om4aj4xo.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ProCooking - c:\program files\ProCooking\Uninstall_ProCooking\Uninstall Professional Cooking



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-15 23:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-15 23:45:20
ComboFix-quarantined-files.txt 2010-05-16 03:45

Pre-Run: 19,153,915,904 bytes free
Post-Run: 20,024,639,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 3EB1B7100B97DD0DD2AAC542FA34B96D


Re: Possible Virus, have OTL logs

Post by Belahzur on Sun May 16, 2010 3:49 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0.9
    Azureus
    Java(TM) 6 Update 18
    J2SE Runtime Environment 5.0 Update 6

Next,

  1. Download [You must be registered and logged in to see this link.] on to your desktop
  2. Start Windows in Safe Mode
  3. Open (execute) the uninstall utility
  4. If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  5. Click REMOVE
  6. Restart your computer

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Folder::
    c:\documents and settings\Robyn\Application Data\Azureus

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12542:TCP"=-
    "12542:UDP"=-

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
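The entries that the CFScript above targets (the loopback proxy, the leftover firewall port exceptions) and the ones the earlier posts dealt with (the random-named dropper folder under Application Data, the orphaned avast! service entries behind the SCM 7000/7026 errors) can be pulled out of a ComboFix/OTL text report mechanically. The triage script below is an added example, not ComboFix or OTL code; it runs over a report excerpt constructed from lines of the kind shown in this thread, and its regexes and the "random-looking folder name" vowel threshold are this example's own assumptions.

```python
"""Triage helper for ComboFix/OTL-style text reports (added example, not ComboFix code).

Flags four indicator classes seen in the thread:
  * a proxy pointing at the loopback interface (browser traffic interception),
  * executables in random-named folders under the user's Application Data,
  * service entries whose binary is gone ("[x]"), e.g. leftovers of a failed AV uninstall,
  * firewall "GloballyOpenPorts" entries left behind after a program was removed.
Regexes and thresholds are assumptions of this example, not ComboFix's own logic.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt: lines of the kind that appear in the report above.
SAMPLE_REPORT = r"""
c:\documents and settings\Robyn\Local Settings\Application Data\qhbblaxfg\srknkpdtssd.exe
c:\documents and settings\Robyn\Application Data\Azureus
c:\windows\system32\NvMcTray.dll
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"12542:TCP"= 12542:TCP:*:Disabled:BitComet 12542 TCP
"12542:UDP"= 12542:UDP:*:Disabled:BitComet 12542 UDP
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/27/2010 12:41 PM 216200]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # short category tag
    detail: str  # the offending value, taken from the report line
    note: str    # why it matters to the analyst


PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
# folder directly under (Local Settings\)Application Data, holding an .exe
APPDATA_EXE_RE = re.compile(
    r"\\(?:local settings\\)?application data\\([a-z]+)\\[^\\\s]+\.exe$", re.IGNORECASE)
# ComboFix service line whose binary could not be found: "S1 name;display; [x]"
MISSING_SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);.*\[x\]\s*$")
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=')
VOWELS = set("aeiou")


def looks_random(name: str, min_len: int = 8, max_vowel_ratio: float = 0.2) -> bool:
    """Heuristic: long, all-letter folder name with almost no vowels (assumed thresholds)."""
    name = name.lower()
    if len(name) < min_len or not name.isalpha():
        return False
    return sum(c in VOWELS for c in name) / len(name) <= max_vowel_ratio


def loopback_proxy(value: str) -> str:
    """Return 'host:port' for the first proxy in a 'scheme=host:port;...' value on loopback."""
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1]  # 'http=127.0.0.1:5555' -> '127.0.0.1:5555'
        host = hostport.rsplit(":", 1)[0]
        try:
            if ipaddress.ip_address(host).is_loopback:
                return hostport
        except ValueError:  # not a literal IP; only 'localhost' counts
            if host.lower() == "localhost":
                return hostport
    return ""


def triage(report: str) -> List[Finding]:
    """Scan a report and return findings in the order the lines appear."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m and (hp := loopback_proxy(m.group(1))):
            findings.append(Finding("loopback-proxy", hp,
                            "browser traffic routed through a local process; check what listens there"))
            continue
        m = APPDATA_EXE_RE.search(line)
        if m and looks_random(m.group(1)):
            findings.append(Finding("appdata-dropper", line,
                            "executable in a random-named user AppData folder"))
            continue
        m = MISSING_SERVICE_RE.match(line)
        if m:
            findings.append(Finding("orphan-service", m.group(1),
                            "service registered but binary missing; matches SCM 7000/7026 errors"))
            continue
        m = OPEN_PORT_RE.match(line)
        if m:
            findings.append(Finding("open-port", f"{m.group(1)}/{m.group(2)}",
                            "firewall exception kept after the owning program was removed"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.detail} -- {f.note}")
```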



Re: Possible Virus, have OTL logs

Post by robyn1112 on Sun May 16, 2010 5:38 pm

Combofix said:
'NIRCMDC' is not recognized as an internal or external command, operable program, or batch file.


Re: Possible Virus, have OTL logs

Post by Belahzur on Mon May 17, 2010 5:39 pm

Hello.
Delete your copy of Combofix and re-download it, then try.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

