-
August 17th, 2010, 08:21 PM
#16
You're running two AV programs, AVG and Norton.
One of them has to go.
If AVG, use this tool: http://www.avg.com/us-en/download-tools
If Norton, use this Tool: http://www.symantec.com/norton/suppo...080710133834EN
==========================================================
When done....
1. Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
2. Re-run Malwarebytes (update first) and post new log
3. Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
August 17th, 2010, 08:59 PM
#17
Had to remove AVG since Norton Antivirus is paid for and licensed by my employer. Someone else in our office had installed AVG.
Anyway, below is the log from rerunning Malwarebytes. I'll post the results of the OTL scan in a bit.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4442
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/17/2010 5:53:09 PM
mbam-log-2010-08-17 (17-53-09).txt
Scan type: Quick scan
Objects scanned: 139526
Time elapsed: 6 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QTUpdate (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QTUPDATE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
August 17th, 2010, 09:07 PM
#18
-
August 17th, 2010, 09:22 PM
#19
I accidentally clicked start Scan instead of Quick Scan. But I figure that this would be more thorough anyway. Here is the OTL.txt file (I had to break it into smaller parts to post it):
OTL logfile created on: 8/17/2010 6:17:09 PM - Run 3
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\travel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 131.60 Gb Free Space | 88.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SL025415
Current User Name: travel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 17:30:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\travel\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/14 08:01:24 | 004,440,064 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 14:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 14:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 14:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 17:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/02/15 08:24:48 | 005,646,848 | R--- | M] (Linksys) -- C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/07/04 15:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys\WUSB54GSC\WLService.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
========== Modules (SafeList) ==========
MOD - [2010/08/17 17:30:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\travel\Desktop\OTL.exe
MOD - [2008/04/14 04:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/11/14 08:35:26 | 000,061,440 | ---- | M] (Altiris, Inc.) -- C:\WINDOWS\system32\AMInit.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Linksys\WUSB54GSC\WLService.exe WUSB54GSC.exe -- (WUSB54GSC)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/14 08:01:24 | 004,440,064 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/08 22:50:40 | 001,680,928 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008/07/07 13:45:50 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2007/06/06 14:24:22 | 000,116,928 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 14:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 14:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/28 19:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2010/07/15 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100813.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100813.009\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/11 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/09 06:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/08/03 13:04:30 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/14 11:54:00 | 007,741,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/10/07 13:06:46 | 000,002,401 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AlKernel.sys -- (AlKernel)
DRV - [2008/07/07 13:42:52 | 000,164,480 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2008/07/07 13:42:52 | 000,024,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/07/07 13:42:50 | 000,149,000 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/07/07 13:42:42 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2008/07/07 13:41:32 | 000,032,408 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/04/13 23:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/25 22:51:44 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/12 15:04:40 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/09/29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/06 14:30:24 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/06/06 11:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/03/28 19:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 19:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/02/09 23:06:00 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/17 20:05:16 | 000,218,112 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/13 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 00:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 00:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 00:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 02:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 21:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 05:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 05:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
-
August 17th, 2010, 09:25 PM
#20
Another part:
[2010/08/16 18:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBallonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: ilsat ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ilsatweb ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: ilsbeta ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ilsdev ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ils-live ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ilsnet ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ilsssc ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([*.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([*.csw] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([ilsat.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([ilsatweb.csw] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([ilsbeta.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([ilsdev.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([ils-live.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([ilsnet.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([ilsssc.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg01.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg02.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg03.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg04.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg05.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg06.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg07.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg08.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slcsg09.CSW] https in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slnt12.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([slsql08.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([taw.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: l-3com.com ([work.csw] http in Trusted sites)
O15 - HKLM\..Trusted Domains: slnt12 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: slsql08 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taw ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: web ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: work ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ilsat ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ilsatweb ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ilsbeta ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ilsdev ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ils-live ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ilsnet ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ilsssc ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([*.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([*.csw] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([ilsat.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([ilsatweb.csw] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([ilsbeta.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([ilsdev.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([ils-live.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([ilsnet.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([ilsssc.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([portal.csw] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([remoteaccess.csw] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg01.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg02.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg03.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg04.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg05.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg06.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg07.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg08.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg09.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slcsg10.CSW] https in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slnt12.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([slsql08.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([taw.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: l-3com.com ([work.csw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: slnt12 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: slsql08 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taw ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: web ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: work ([]http in Trusted sites)
O16 - DPF: {20641312-84DA-11D4-93BD-00105AABE9D7} http://ilsat.csw.l-3com.com/ilsat/Downloads/Launch.cab (Launch.LaunchProcess)
O16 - DPF: {229634BD-A350-11D5-93FE-00105AABE9D7} http://ilsat.csw.l-3com.com/ilsat/Downloads/Barcode.cab (Barcode.PrintBarCode)
O16 - DPF: {22ACD16F-99EB-11D2-9BB3-00400561D975} http://ilsat.csw.l-3com.com/ilsat/Downloads/pvcombo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1229364616321 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1229364580680 (MUWebControl Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://thebrowndomain.com:1090/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8F55FA20-10DA-44C7-B675-CE2A290DE3B2} http://ilsat.csw.l-3com.com/ilsat/Downloads/ILSTree.cab (ILS Data-Bound TreeView Control)
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} http://ilsat.csw.l-3com.com/ilsat/Downloads/pvdtcal.cab (ProtoView Calendar Control)
O16 - DPF: {B754EA80-0AC4-48AF-8CBF-12CD438ECC92} http://ilsat.csw.l-3com.com/ilsat/Downloads/ILSGrid.cab (ILS Data-Bound Grid Control)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://ilsat.csw.l-3com.com/ilsat/Do...ivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CD666348-C8D4-11D5-9403-00105AABE9D7} http://ilsat.csw.l-3com.com/ilsat/Do...s/ILSTree2.cab (pILSTree2.ILSTree2)
O16 - DPF: {D4C8F0A1-6949-496A-8FD9-975C68842F02} http://ilsat.csw.l-3com.com/ilsat/Do...s/richtext.CAB (pRichText.RichText)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remoteaccess.csw.l-3com.com/...erSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} http://ilsat.csw.l-3com.com/ilsat/Downloads/pvdt80.cab (Reg Error: Value error.)
O16 - DPF: {EEA054ED-AAC4-11D4-93C9-00105AABE9D7} http://ilsat.csw.l-3com.com/ilsat/Do...eClientDSN.cab (CreateClientDSN.CreateDSN)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remoteaccess.csw.l-3com.com/...etupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\AMInit.dll) - C:\WINDOWS\system32\AMInit.dll (Altiris, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\travel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\travel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/17 13:23:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
-
August 17th, 2010, 09:26 PM
#21
Third part of OTL.txt:
========== Files/Folders - Created Within 90 Days ==========
[2010/08/17 17:29:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\travel\Desktop\OTL.exe
[2010/08/17 17:27:06 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\travel\Desktop\avgremover.exe
[2010/08/17 17:05:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/17 15:18:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/17 15:15:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/17 14:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\Application Data\Sonic
[2010/08/16 20:05:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/16 18:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\Application Data\Malwarebytes
[2010/08/16 18:28:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/16 18:28:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/16 18:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/16 18:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/16 18:28:17 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\travel\Desktop\mbam-setup-1.46.exe
[2010/08/16 13:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\Application Data\vlc
[2010/08/16 13:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/13 19:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2010/08/13 17:39:26 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/08/13 17:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/08/12 19:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/12 13:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\My Documents\shane
[2010/08/09 21:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\My Documents\Downloads
[2010/08/09 18:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\Local Settings\Application Data\Temp
[2010/08/09 18:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\Local Settings\Application Data\Deployment
[2010/08/06 06:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/06 06:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/06 06:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/06 06:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/06 06:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/06 14:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/07/06 14:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\Local Settings\Application Data\Citrix
[2010/06/25 16:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/06/25 16:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\travel\Desktop\kyle
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/08/17 18:03:37 | 000,066,852 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/08/17 18:03:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 18:01:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 18:01:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 18:00:57 | 2145,529,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/17 17:59:56 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\travel\NTUSER.DAT
[2010/08/17 17:59:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\travel\ntuser.ini
[2010/08/17 17:30:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\travel\Desktop\OTL.exe
[2010/08/17 17:27:11 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\travel\Desktop\avgremover.exe
[2010/08/17 17:26:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708106416-1552605257-2064745200-1004UA.job
[2010/08/17 17:04:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/17 15:18:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/17 14:52:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\MBRCheck_MBR_Backup_08-17-10_14-52-32.bak
[2010/08/17 14:49:49 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\MBRCheck.exe
[2010/08/16 18:42:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\rfbgvbwi.exe
[2010/08/16 18:41:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/16 18:41:14 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/16 18:28:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 18:28:19 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\travel\Desktop\mbam-setup-1.46.exe
[2010/08/16 18:26:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708106416-1552605257-2064745200-1004Core.job
[2010/08/16 13:06:33 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/08/13 12:04:41 | 000,036,158 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\tina_fey_sarah_palin.jpg
[2010/08/13 06:43:11 | 000,015,961 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\AFSOC RSO Deployment Processing Checklist.xlsx
[2010/08/12 23:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/11 03:28:42 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 03:11:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/11 03:10:13 | 000,535,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 03:10:13 | 000,465,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 03:10:13 | 000,079,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 00:26:58 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Google Chrome.lnk
[2010/08/11 00:26:58 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\travel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/10 07:50:40 | 000,110,978 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Sitzman072510RCar.pdf
[2010/08/10 07:49:56 | 000,044,078 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Sitzman072510Hotel.pdf
[2010/08/10 07:38:12 | 000,013,348 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\scan120712.pdf
[2010/08/10 07:30:52 | 000,148,682 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\scan120711.pdf
[2010/08/06 06:34:41 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/06 06:30:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/30 19:35:40 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\travel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 16:08:19 | 000,020,487 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Airborne Antenna sn 482 Failure Report.docx
[2010/07/20 15:57:42 | 000,019,692 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Field Failure Report.docx
[2010/07/13 14:31:26 | 000,026,783 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Assignment Letter L-3 Communications.docx
[2010/07/08 18:01:20 | 000,030,506 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Book1.xlsx
[2010/07/08 09:35:12 | 002,376,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PX20455.DOC
[2010/07/06 14:06:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 12:46:45 | 000,032,868 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Travel Reservation July 20 for TIMPE JR.pdf
[2010/06/16 15:16:19 | 000,032,379 | ---- | M] () -- C:\Documents and Settings\travel\Desktop\Doc3.docx
[2010/06/12 03:17:01 | 002,000,503 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/06/08 08:03:20 | 001,661,241 | ---- | M] () -- C:\Documents and Settings\travel\My Documents\Mesquite.pptx
[2010/06/01 14:26:07 | 000,025,212 | ---- | M] () -- C:\Documents and Settings\travel\My Documents\Field Online Training June 2010.xlsx
[2010/06/01 10:41:07 | 000,019,460 | ---- | M] () -- C:\Documents and Settings\travel\My Documents\Fm split.xlsx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/17 15:18:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/17 15:18:28 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/17 14:52:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\MBRCheck_MBR_Backup_08-17-10_14-52-32.bak
[2010/08/17 14:49:45 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\MBRCheck.exe
[2010/08/16 18:42:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\rfbgvbwi.exe
[2010/08/16 18:28:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 13:06:33 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/08/13 12:04:41 | 000,036,158 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\tina_fey_sarah_palin.jpg
[2010/08/13 06:43:11 | 000,015,961 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\AFSOC RSO Deployment Processing Checklist.xlsx
[2010/08/10 07:53:58 | 000,044,078 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Sitzman072510Hotel.pdf
[2010/08/10 07:53:57 | 000,110,978 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Sitzman072510RCar.pdf
[2010/08/10 07:41:24 | 000,013,348 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\scan120712.pdf
[2010/08/10 07:35:31 | 000,148,682 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\scan120711.pdf
[2010/08/10 07:21:13 | 000,659,837 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\TR384-sc1000-Securing-ATM-Networks.ps
[2010/08/09 18:25:01 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Google Chrome.lnk
[2010/08/09 18:25:01 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\travel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/09 18:21:57 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708106416-1552605257-2064745200-1004UA.job
[2010/08/09 18:21:56 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708106416-1552605257-2064745200-1004Core.job
[2010/08/06 06:34:41 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/06 06:30:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/20 16:08:19 | 000,020,487 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Airborne Antenna sn 482 Failure Report.docx
[2010/07/20 15:57:42 | 000,019,692 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Field Failure Report.docx
[2010/07/13 14:28:22 | 000,026,783 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Assignment Letter L-3 Communications.docx
[2010/07/08 18:01:19 | 000,030,506 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Book1.xlsx
[2010/07/08 09:35:18 | 002,376,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PX20455.DOC
[2010/07/06 14:01:08 | 000,230,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/29 12:46:44 | 000,032,868 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Travel Reservation July 20 for TIMPE JR.pdf
[2010/06/16 15:16:19 | 000,032,379 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\Doc3.docx
[2010/06/08 08:03:20 | 001,661,241 | ---- | C] () -- C:\Documents and Settings\travel\My Documents\Mesquite.pptx
[2010/06/01 14:26:07 | 000,025,212 | ---- | C] () -- C:\Documents and Settings\travel\My Documents\Field Online Training June 2010.xlsx
[2010/06/01 10:30:27 | 000,019,460 | ---- | C] () -- C:\Documents and Settings\travel\My Documents\Fm split.xlsx
[2010/02/04 10:25:27 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\travel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 08:24:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/09/21 17:56:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/09/21 17:56:30 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/08/19 09:16:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 13:04:02 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/05 09:05:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/04 16:42:57 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/07/07 13:42:52 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/20 08:27:08 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2004/09/22 12:17:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/10/28 16:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 17:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 14:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 20:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998/01/27 23:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
========== LOP Check ==========
[2010/08/17 17:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/06 14:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/09/08 09:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/14 07:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2010/08/06 06:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/11 07:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/25 14:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\travel\Application Data\ICAClient
[2010/07/23 14:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\travel\Application Data\Juniper Networks
[2008/10/28 13:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\travel\Application Data\Research In Motion
[2009/10/14 07:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\travel\Application Data\Sprint
[2010/04/14 19:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\travel\Application Data\Windows Desktop Search
[2010/04/14 21:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\travel\Application Data\Windows Search
========== Purity Check ==========
-
August 17th, 2010, 09:27 PM
#22
Last part of OTL.txt:
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/02/17 13:23:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/03 13:03:16 | 000,000,249 | ---- | M] () -- C:\boot.bac
[2010/08/16 18:41:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/17 15:18:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2006/02/17 13:23:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/03 07:43:27 | 000,112,382 | ---- | M] () -- C:\Egg Ethical Conduct.xps
[2010/05/03 07:20:31 | 000,110,313 | ---- | M] () -- C:\Egg Security Clearance.xps
[2010/08/17 18:00:57 | 2145,529,856 | -HS- | M] () -- C:\hiberfil.sys
[2006/02/17 13:23:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/02/17 13:23:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/03 14:08:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/17 18:00:56 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/04/08 13:44:22 | 000,000,018 | ---- | M] () -- C:\pending.un
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/07/03 10:54:12 | 000,091,648 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4sa.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/06/24 05:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/02/17 06:03:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/02/17 06:03:37 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/02/17 06:03:36 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 04:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 04:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 04:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-11 10:12:09
< End of report >
-
August 17th, 2010, 09:28 PM
#23
I don't see an extras.txt file anywhere.
-
August 17th, 2010, 09:36 PM
#24
That's fine.
How is the computer doing at the moment?
================================================================
Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
===============================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {22ACD16F-99EB-11D2-9BB3-00400561D975} http://ilsat.csw.l-3com.com/ilsat/Downloads/pvcombo.cab (Reg Error: Key error.)
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} http://ilsat.csw.l-3com.com/ilsat/Downloads/pvdt80.cab (Reg Error: Value error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
[2010/08/17 17:27:06 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\travel\Desktop\avgremover.exe
[2010/08/13 17:39:26 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/08/13 17:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
===============================================================
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart the computer.
3. Go to Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
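As an added example (not part of this thread, and not OTL's own code), here is a small Python triage helper that reads OTL-style log text and pulls out the two things the fix script above was built from: the O-lines OTL reported as "File not found", "No CLSID value found" or "Reg Error", and the bracketed file entries with their size, attributes, company name and MD5 (where the custom scan requested one). The line format assumed by the regex is inferred from the OTL.txt posted above; the sample lines are a constructed excerpt copied from that log.

```python
"""Triage helper for OTL-style log lines (constructed example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# File-entry layout as seen in the posted OTL.txt (assumption: the format is stable):
# [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (Company) [MD5=... | Unable to obtain MD5] -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) |Unable to obtain MD5 )?"
    r"-- (?P<path>.+)$"
)

# Phrases OTL prints when a registry entry points at something it cannot resolve;
# these are the entries the helper listed under :OTL for removal.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# Binary extensions worth a second look when no company name is attached
# (OTL's own "Files Created - No Company Name" section applies the same idea).
BINARY_EXTS = (".exe", ".dll", ".sys", ".ax", ".acm", ".drv")


@dataclass
class FileEntry:
    date: str
    time: str
    size: int            # bytes, commas removed
    attrs: str           # R/H/S/D flags, '-' where unset
    kind: str            # 'C' = listed by creation date, 'M' = by modification date
    company: Optional[str]
    md5: Optional[str]
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one bracketed file line; return None for headers, O-lines and summaries."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    company = (m.group("company") or "").strip() or None   # "()" becomes None
    md5 = m.group("md5").upper() if m.group("md5") else None
    return FileEntry(
        date=m.group("date"), time=m.group("time"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"), kind=m.group("kind"),
        company=company, md5=md5, path=m.group("path"),
    )


def parse_log(text: str) -> List[FileEntry]:
    return [e for e in (parse_file_entry(l) for l in text.splitlines()) if e]


def find_orphans(text: str) -> List[str]:
    """O-lines (O2, O16, O18, O20, ...) whose target OTL reported as missing or broken."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^O\d+ - ", line) and any(mk in line for mk in ORPHAN_MARKERS):
            out.append(line)
    return out


def binaries_without_company(entries: List[FileEntry]) -> List[FileEntry]:
    """Files with a binary extension and an empty company field: a review list, not a verdict."""
    return [e for e in entries
            if not e.is_directory and e.company is None
            and e.path.lower().endswith(BINARY_EXTS)]


# Constructed excerpt: a handful of lines copied from the OTL.txt posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/17 17:27:06 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\travel\Desktop\avgremover.exe
[2010/08/17 17:05:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/16 18:42:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\travel\Desktop\rfbgvbwi.exe
[2010/08/17 18:00:57 | 2145,529,856 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/14 04:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} file entries parsed")
    for o in find_orphans(SAMPLE_LOG):
        print("orphan:", o)
    for e in binaries_without_company(entries):
        print("no company:", e.name, e.size, "bytes", e.md5 or "")
```

The orphan list from the excerpt is exactly the linkscanner, avgrsstarter and BHO lines that went into the :OTL fix, while the NavLogon entry (resolved to a Symantec-signed DLL) is left alone. The no-company list is deliberately a review queue rather than a verdict: on this sample it returns both the randomly named desktop executable and C:\hiberfil.sys, and only a human comparing dates, location and the MD5 the custom scan requested for files like user32.dll can tell which of those deserves attention.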