redirect with all and computer locks

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Solved redirect with all and computer locks

Post by bigpun111 on Wed 07 Jul 2010, 11:38 am

First topic message reminder :

Two weeks ago my IE8 started redirecting ad sights on google,msn & yahoo. I uninstalled IE8 and installed firefox and after 1st search, it started doing the same thing. The computer would start slowing in the responses, then would fail to open anyprograms even though the "hourglass" would show. The start window open but wouldnt shut down so I had to hard boot it. After re-start it would open prgrams for a little and the search would work on the 1st try then everything repeats its self. Malwarebytes nor my antivirus are showing anything now but when 1st started the a/v was stopping some trojan alot but now nothing shows. I included hijackthis,OTL and the extra files, thank you.

OTL logfile created on: 7/6/2010 5:51:52 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Donnie Thibodeaux\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 19.07 Gb Total Space | 3.77 Gb Free Space | 19.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 149.05 Gb Total Space | 121.79 Gb Free Space | 81.71% Space Free | Partition Type: NTFS
Drive K: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 483.56 Mb Total Space | 63.58 Mb Free Space | 13.15% Space Free | Partition Type: FAT

Computer Name: THIBODEAUX
Current User Name: Donnie Thibodeaux
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/04 21:41:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\OTL.exe
PRC - [2010/06/29 23:16:25 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/06/23 20:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 20:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 10:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 10:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 10:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\inetsrv\inetinfo.exe
PRC - [2003/07/08 03:44:40 | 000,581,632 | ---- | M] () -- C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
PRC - [2001/08/23 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\tcpsvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/07/04 21:41:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/11/20 03:42:45 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\snmp.exe -- (SNMP)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/06/23 20:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 20:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 20:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 10:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 10:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 10:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 13:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/08/04 01:56:58 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 01:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/08/04 01:56:46 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2004/08/04 01:56:44 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)
SRV - [2001/08/23 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2001/08/23 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\Capt9080.sys -- (SQTECH9080) MegaCam(PID_9080_00)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINNT\System32\DRIVERS\parallel.sys -- (Parallel)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\atimtag.sys -- (atimtag)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDS300\cds300.dll -- (959b9316-5b8b-4312-9d5d-fe5682ba0673)
DRV - [2010/05/28 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/17 03:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100702.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/17 03:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100702.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/06/22 06:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/05/08 07:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2006/10/17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2006/05/03 11:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/20 16:47:43 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2005/09/05 09:39:22 | 000,040,576 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005/08/19 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/05/13 20:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 13:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 13:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 21:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 21:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/10/05 17:54:00 | 000,009,038 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\viausb.sys -- (viafilter)
DRV - [2004/08/04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/09/19 14:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/19 14:05:04 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2003/05/27 16:45:06 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\vsp.sys -- (Vsp)
DRV - [2003/01/09 21:32:30 | 000,069,472 | R--- | M] (VIA Technologies, INC.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2001/10/18 13:00:00 | 000,006,234 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\viaide.sys -- (viaide)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

FF - HKLM\software\mozilla\Firefox\Extensions\\{B61CC04C-26B0-4352-AD61-6158D7A71223}: C:\Documents and Settings\Donnie Thibodeaux\Local Settings\Application Data\{B61CC04C-26B0-4352-AD61-6158D7A71223} [2010/06/23 23:09:22 | 000,000,000 | ---D | M]

[2010/07/04 15:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\Mozilla\Extensions
[2009/07/08 16:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/07/04 15:24:26 | 000,000,734 | R--- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINNT\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VTTimer] File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([[You must be registered and logged in to see this link.] http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Donnie Thibodeaux\My Documents\Unzipped\south park theme\Southpark\SouthPark wp.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/20 11:58:39 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/04 16:02:54 | 000,000,279 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{84536091-782f-11dc-9c61-0013d3984210}\Shell - "" = AutoRun
O33 - MountPoints2\{84536091-782f-11dc-9c61-0013d3984210}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84536091-782f-11dc-9c61-0013d3984210}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2006/09/19 20:00:25 | 001,114,112 | R--- | M] ()
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2006/09/19 20:00:25 | 001,114,112 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINNT\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "LightScribeService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: RaidTool - hkey= - key= - C:\Program Files\VIA\RAID\raid_tool.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NBF - Service
SafeBootNet: nbf.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sglfb.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tga.sys - File not found
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINNT\System32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{adefa1b9-1ff9-4bcf-b12a-1a25a0617db0} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.divxa32 - C:\WINNT\System32\DivXa32.acm (Hacked With Joy !)
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\WINNT\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\WINNT\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVX - C:\WINNT\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: VIDC.HFYU - C:\WINNT\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.MP42 - C:\WINNT\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINNT\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 17:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\otl inst
[2010/07/06 17:45:42 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/07/06 17:45:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\OTL.exe
[2010/07/02 16:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Downloads
[2010/07/01 05:19:34 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\setup-spybotsd162.exe
[2010/07/01 05:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/07/01 05:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/07/01 05:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/07/01 05:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/06/30 16:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/30 02:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/29 23:33:44 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINNT\PCTBDCore.dll.old
[2010/06/29 23:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/29 23:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/29 21:27:19 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\ATF-Cleaner.exe
[2010/06/29 21:27:12 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\HJTInstall.exe
[2010/06/29 21:27:00 | 010,341,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\windows-kb890830-v3.8.exe
[2010/06/28 06:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/27 15:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\mozilla install
[2010/06/25 04:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/23 23:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/23 23:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/21 13:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/21 13:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/21 13:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/20 16:57:42 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
[2010/06/10 00:03:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\iedvtool.dll
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[5 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/06 17:46:11 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\NTUSER.DAT
[2010/07/06 17:41:05 | 000,000,908 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/06 14:41:00 | 000,000,904 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/06 04:48:23 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Logfile of Trend Micro HijackThis v1.doc
[2010/07/05 13:12:01 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2010/07/04 21:48:40 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/07/04 21:41:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\OTL.exe
[2010/07/04 15:52:49 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/07/04 15:52:26 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/07/04 15:50:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\ntuser.ini
[2010/07/04 15:24:26 | 000,000,734 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/07/04 15:02:46 | 000,610,926 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/07/04 15:02:46 | 000,506,430 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/07/04 15:02:46 | 000,093,244 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/07/04 15:02:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/04 13:19:12 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/07/01 15:53:34 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\Spybot - Search & Destroy.lnk
[2010/07/01 05:38:48 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 05:20:27 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\setup-spybotsd162.exe
[2010/06/30 02:25:03 | 000,004,819 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/06/30 02:18:15 | 000,000,000 | ---- | M] () -- C:\WINNT\nsreg.dat
[2010/06/29 23:36:32 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\Weapons Log as of 04.doc
[2010/06/29 23:18:27 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Logfile of Trend Micro HijackThis v2.doc
[2010/06/29 23:16:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\HijackThis.lnk
[2010/06/29 21:14:58 | 010,341,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\windows-kb890830-v3.8.exe
[2010/06/29 20:19:02 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\ATF-Cleaner.exe
[2010/06/29 20:18:06 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\HJTInstall.exe
[2010/06/25 04:07:09 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2010/06/24 06:24:54 | 000,000,000 | ---- | M] () -- C:\WINNT\Pdijetozunes.bin
[2010/06/23 23:17:29 | 000,002,531 | ---- | M] () -- C:\WINNT\uhoramiyaparo.dll
[2010/06/23 23:09:23 | 000,000,120 | ---- | M] () -- C:\WINNT\Dzazumofutoc.dat
[2010/06/21 14:01:12 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/20 16:57:42 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINNT\cpnprt2.cid
[2010/06/20 16:57:41 | 000,226,728 | ---- | M] (Coupons, Inc.) -- C:\WINNT\System32\cpnprt2.cid
[2010/06/11 04:47:29 | 000,357,752 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[5 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 04:48:22 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Logfile of Trend Micro HijackThis v1.doc
[2010/07/04 15:02:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/01 15:53:34 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\Spybot - Search & Destroy.lnk
[2010/06/30 02:18:15 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2010/06/29 23:33:45 | 000,767,952 | ---- | C] () -- C:\WINNT\BDTSupport.dll.old
[2010/06/29 23:18:26 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\My Documents\Logfile of Trend Micro HijackThis v2.doc
[2010/06/29 23:16:27 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Donnie Thibodeaux\Desktop\HijackThis.lnk
[2010/06/25 04:07:09 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2010/06/23 23:17:28 | 000,002,531 | ---- | C] () -- C:\WINNT\uhoramiyaparo.dll
[2010/06/23 23:09:23 | 000,000,120 | ---- | C] () -- C:\WINNT\Dzazumofutoc.dat
[2010/06/23 23:09:23 | 000,000,000 | ---- | C] () -- C:\WINNT\Pdijetozunes.bin
[2010/06/21 14:01:12 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/19 20:41:45 | 000,040,576 | ---- | C] () -- C:\WINNT\System32\drivers\sdcplh.sys
[2008/06/25 22:07:31 | 000,003,351 | ---- | C] () -- C:\WINNT\System32\drivers\vsp.sys
[2008/06/18 19:00:26 | 000,077,824 | R--- | C] () -- C:\WINNT\System32\HPZIDS01.dll
[2008/06/18 18:59:57 | 000,000,161 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2008/06/18 18:58:40 | 000,000,737 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
[2008/06/11 16:07:52 | 000,003,654 | ---- | C] () -- C:\WINNT\System32\drivers\Sonyhcp.dll
[2007/11/26 14:13:19 | 000,000,031 | -H-- | C] () -- C:\WINNT\uccspecc.sys
[2006/12/08 23:31:59 | 000,021,840 | ---- | C] () -- C:\WINNT\System32\SIntfNT.dll
[2006/12/08 23:31:59 | 000,017,212 | ---- | C] () -- C:\WINNT\System32\SIntf32.dll
[2006/12/08 23:31:59 | 000,012,067 | ---- | C] () -- C:\WINNT\System32\SIntf16.dll
[2006/12/08 23:14:58 | 000,000,025 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2006/11/18 21:01:31 | 000,021,791 | ---- | C] () -- C:\WINNT\System32\smtpctrs.ini
[2006/11/18 21:01:30 | 000,001,037 | ---- | C] () -- C:\WINNT\System32\ntfsdrct.ini
[2006/11/18 21:00:53 | 000,038,576 | ---- | C] () -- C:\WINNT\System32\w3ctrs.ini
[2006/11/18 21:00:53 | 000,010,225 | ---- | C] () -- C:\WINNT\System32\axperf.ini
[2006/11/18 21:00:52 | 000,011,435 | ---- | C] () -- C:\WINNT\System32\infoctrs.ini
[2006/09/04 16:02:40 | 000,314,880 | ---- | C] () -- C:\WINNT\System32\Tx32.dll
[2006/08/20 05:16:34 | 000,196,608 | ---- | C] () -- C:\WINNT\System32\avisynth.dll
[2006/08/11 03:14:23 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2006/05/05 16:22:02 | 000,000,116 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2006/04/25 20:07:36 | 000,000,552 | ---- | C] () -- C:\WINNT\WM7.INI
[2006/03/15 18:26:45 | 000,000,000 | ---- | C] () -- C:\WINNT\vpc32.INI
[2006/03/15 07:15:59 | 000,028,672 | R--- | C] () -- C:\WINNT\System32\cmirmdrv.dll
[2006/03/15 02:21:53 | 000,032,768 | ---- | C] () -- C:\WINNT\System32\UnAudioNT.dll
[2006/03/11 13:31:06 | 000,000,020 | ---- | C] () -- C:\WINNT\Hposcv07.INI
[2006/01/20 13:47:35 | 000,382,159 | ---- | C] () -- C:\WINNT\System32\BOCOLE.DLL
[2006/01/20 13:47:35 | 000,319,696 | ---- | C] () -- C:\WINNT\System32\BOCOF.DLL
[2006/01/20 13:38:13 | 000,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI
[2004/09/17 18:37:42 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\vuins32.dll
[2001/08/17 17:36:28 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[1999/12/07 07:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 01:56:44 | 001,392,671 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\msvbvm60.dll
[5 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[5 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/14 21:03:05 | 000,524,288 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2006/03/15 02:53:29 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\config\security.sav
[2006/03/14 21:03:05 | 019,398,656 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2006/03/14 21:03:06 | 003,670,016 | ---- | M] () -- C:\WINNT\system32\config\system.sav

cont...

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down


Solved Thank You

Post by bigpun111 on Sun 29 Aug 2010, 3:48 am

Thank You very much and I will be making a donation.

bigpun111

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-03-13
Operating System : Windows XP

View user profile

Back to top Go down

Solved Re: redirect with all and computer locks

Post by DragonMaster Jay on Sun 29 Aug 2010, 12:35 pm

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: redirect with all and computer locks

Post by Sponsored content Today at 7:53 am


Sponsored content


Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum