WiredWX Hobby Weather ToolsLog in

 


AV Security Suite AGAIN!!!!

2 posters

descriptionSolvedAV Security Suite AGAIN!!!!

more_horiz
I guess I've been somewhat lucky, but malwarebytes stopped the pop-ups. But now my browsers (ie explorer, firefox) get hijacked when I try to search using google or yahoo. If I enter a url or use a book mark, all's good. It's just when I do a search and click on one of the search results that I get sent to a page that says something like url not found, and it's a google blank page.
Also, somehow I nuked my network drivers while cleaning the first time, but malwarebytes had already stopped the pop-ups. I did an XP repair and got my network back up but the stupid av Suite returned and I had to remove it again.

I was only using windows firewall. Trust me once this is resolved (hopefully), it's antivirus time for me!!!

TIA

Nuke

Edit:
I'm at work now, I'll post my OTL logs when I get home.

Last edited by nuclearjock on 10th June 2010, 12:43 pm; edited 1 time in total (Reason for editing : more info)

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
Hi nuclearjock and Welcome to GeekPolice!

If you have OTL logs please post them. And we need to look for a rootkit.

DeFogger
Download DeFogger by jpshortstuff from here & save it to your desktop.

  • Right click DeFogger then choose Run as Administrator Or you can double-click to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If not reboot your PC
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.


Next


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click GMER.exe.
    AV Security Suite AGAIN!!!! Gmer_zip
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      AV Security Suite AGAIN!!!! GMER_thumb
      Click the image to enlarge it

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
OTL logfile created on: 6/10/2010 3:09:04 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Rick Wintermute\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): e:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 113.58 Gb Free Space | 81.29% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 255.86 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
Drive E: | 358.29 Gb Total Space | 295.16 Gb Free Space | 82.38% Space Free | Partition Type: NTFS
Drive F: | 340.34 Gb Total Space | 310.03 Gb Free Space | 91.09% Space Free | Partition Type: NTFS
Drive G: | 400.00 Gb Total Space | 156.81 Gb Free Space | 39.20% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 34.26 Gb Total Space | 31.66 Gb Free Space | 92.41% Space Free | Partition Type: NTFS

Computer Name: NUKESGIZMO
Current User Name: Rick Wintermute
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 15:08:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Wintermute\Desktop\OTL.exe
PRC - [2009/07/14 00:28:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/26 13:17:50 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/12 17:03:20 | 000,200,704 | R--- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2007/12/13 18:57:24 | 002,095,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2007/12/13 18:43:22 | 002,051,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2007/12/13 18:42:52 | 000,558,104 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2007/10/16 21:04:12 | 001,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/11/30 19:49:10 | 000,135,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/11/30 19:49:06 | 000,397,312 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/11/30 19:48:08 | 001,115,317 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/06/30 01:21:40 | 000,593,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2006/05/10 10:48:08 | 000,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:08:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Wintermute\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/06/30 01:14:54 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/27 13:37:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/26 13:17:50 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2007/10/16 21:04:12 | 001,094,936 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/11/30 19:49:06 | 000,397,312 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/07/14 02:53:08 | 001,811,224 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ct20xflt.sys -- (ct20xflt)
DRV - [2009/07/14 02:52:46 | 001,227,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2009/07/14 02:52:34 | 001,184,280 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/07/14 02:52:22 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/07/14 02:52:14 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/07/14 02:52:04 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/07/14 02:51:56 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/07/14 02:51:36 | 000,536,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/07/14 02:51:26 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/07/14 02:51:16 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/07/14 02:51:16 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/07/14 02:51:04 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/07/14 02:51:04 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/07/14 02:50:56 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/07/14 02:50:56 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/01/23 02:56:38 | 000,072,008 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/01/23 02:56:38 | 000,057,672 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/12/01 14:50:56 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/12/01 14:50:56 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/12/01 14:50:54 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/04/28 21:00:00 | 000,288,896 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/23 20:08:14 | 000,331,264 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adihdaud.sys -- (ADIHdAudAddService)
DRV - [2008/02/25 18:14:38 | 000,012,416 | R--- | M] (AFT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (FIXUSTOR)
DRV - [2008/02/13 21:04:50 | 001,683,712 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AmbFilt)
DRV - [2007/10/05 10:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/10/05 10:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/09/13 21:41:28 | 000,051,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2007/09/13 21:41:20 | 000,014,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2007/09/13 21:41:02 | 000,029,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2007/09/13 21:40:54 | 000,019,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007/08/08 11:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/05/01 17:11:28 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH075C.sys -- (SaiH075C)
DRV - [2007/04/02 23:13:46 | 000,021,632 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/10/18 14:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/06/30 01:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/05/10 10:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 10:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/05/10 10:56:18 | 000,056,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2006/05/10 10:56:08 | 000,013,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2005/11/14 04:26:34 | 000,009,728 | R--- | M] (Samsung Electronics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\magicpvt.sys -- (magicpvt)
DRV - [2005/10/17 16:45:42 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2005/10/17 16:37:22 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/02/21 18:22:54 | 000,042,240 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1044

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1044
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/09 04:42:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 04:42:36 | 000,000,000 | ---D | M]

[2010/06/09 04:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla\Extensions
[2010/06/09 04:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla\Firefox\Profiles\sjw5spt1.default\extensions
[2010/06/09 04:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla\Firefox\Profiles\sjw5spt1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 04:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla\Firefox\Profiles\sjw5spt1.default\extensions\staged-xpis
[2010/06/09 04:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/09 04:42:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2010/06/08 17:49:55 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/13 20:01:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/03 14:51:24 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/10 15:08:18 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick Wintermute\Desktop\OTL.exe
[2010/06/10 15:03:17 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Rick Wintermute\Desktop\hjt.exe
[2010/06/09 15:28:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rick Wintermute\Recent
[2010/06/09 04:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\Mozilla
[2010/06/09 04:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla
[2010/06/08 21:13:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/08 21:03:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/08 21:01:00 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2010/06/08 21:00:56 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/06/08 21:00:56 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/06/08 21:00:54 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2010/06/08 21:00:51 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2010/06/08 21:00:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2010/06/08 19:34:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/08 19:34:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/08 19:15:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/06/08 19:15:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/06/08 19:15:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/06/08 19:15:05 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/06/08 19:15:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/06/08 19:15:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/06/08 19:15:04 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/06/08 19:15:04 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/06/08 19:15:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/06/08 19:15:03 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/06/08 19:15:03 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/06/08 19:15:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/06/08 19:15:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/06/08 19:15:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/06/08 19:14:59 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/06/08 19:14:59 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/06/08 19:14:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/06/08 19:14:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/06/08 19:14:59 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/06/08 19:14:59 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/06/08 19:14:59 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/06/08 19:14:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/06/08 19:14:58 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/06/08 19:14:57 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/06/08 19:14:56 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/06/08 19:14:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/06/08 19:14:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/06/08 19:14:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/06/08 19:14:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/06/08 19:14:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/06/08 19:14:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/06/08 19:14:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/06/08 19:14:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/06/08 19:14:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/06/08 19:14:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/06/08 19:14:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/06/08 19:14:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/06/08 19:14:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/06/08 19:14:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/06/08 19:14:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/06/08 19:14:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/06/08 19:14:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/06/08 19:14:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/06/08 19:14:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/06/08 19:14:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/06/08 19:14:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/06/08 19:14:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/08 19:14:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/08 19:14:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/06/08 19:14:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/06/08 19:14:49 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/06/08 19:14:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/06/08 19:14:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/06/08 19:14:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/06/08 19:14:47 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/06/08 19:14:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/06/08 19:14:47 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/06/08 19:14:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/06/08 19:14:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/06/08 19:14:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/06/08 19:14:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/06/08 19:14:46 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/06/08 19:14:46 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/06/08 19:14:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/06/08 19:14:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/06/08 19:14:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/06/08 19:14:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/06/08 19:14:43 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/06/08 19:14:41 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/06/08 19:14:41 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/06/08 19:14:38 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/06/08 19:14:38 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/06/08 19:14:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/06/08 19:14:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/06/08 19:14:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/06/08 19:14:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/06/08 19:14:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/06/08 19:14:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/06/08 19:14:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/06/08 19:14:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/06/08 19:14:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/06/08 19:14:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/06/08 19:14:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/06/08 19:14:33 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/06/08 19:14:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/06/08 19:14:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/06/08 19:14:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/06/08 19:14:32 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/06/08 19:14:31 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/06/08 19:14:31 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/06/08 19:14:31 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/06/08 19:14:31 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/06/08 19:14:31 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/06/08 19:14:31 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/06/08 19:14:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/06/08 19:14:31 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/06/08 19:14:30 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/06/08 19:14:30 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/06/08 19:14:30 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/06/08 19:14:30 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/06/08 19:14:30 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/06/08 19:14:30 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/06/08 19:14:30 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/06/08 19:14:30 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/06/08 19:14:29 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/06/08 19:14:29 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/06/08 19:14:29 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/06/08 19:14:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/06/08 19:14:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/06/08 19:14:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/06/08 19:14:26 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/06/08 19:14:21 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/06/08 19:14:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/06/08 19:14:18 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/06/08 19:14:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/06/08 19:14:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/06/08 19:14:17 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/06/08 19:14:17 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/06/08 19:14:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/06/08 19:14:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/06/08 19:14:16 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/06/08 19:14:15 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/06/08 19:14:15 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/06/08 19:14:15 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/06/08 19:14:12 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/06/08 19:14:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/06/08 19:14:11 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/06/08 19:14:11 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/06/08 19:14:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/06/08 19:14:10 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/06/08 19:14:10 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/06/08 19:14:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/06/08 19:14:10 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/06/08 19:14:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/06/08 19:14:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/06/08 19:14:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/06/08 19:14:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/06/08 19:14:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/06/08 19:14:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/06/08 19:14:08 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/08 19:14:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/06/08 19:14:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/06/08 19:13:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/06/08 19:13:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/06/08 19:12:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/06/08 18:24:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/06/08 18:24:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/06/08 18:24:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/06/08 18:24:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/06/08 17:50:58 | 000,000,000 | ---D | C] -- C:\Rick_Reg
[2010/06/08 17:04:20 | 000,288,896 | R--- | C] (Marvell) -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2010/06/08 16:12:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2010/06/08 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/06/08 09:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/07 23:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Application Data\Malwarebytes
[2010/06/07 22:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/07 21:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\PCHealth
[2010/06/07 20:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/07 20:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/07 15:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\BestShopping
[2010/06/07 15:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\humtghq
[2010/06/07 15:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/06/07 15:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/07 15:13:39 | 000,071,168 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi5.dll
[2010/06/07 15:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\Windows Server
[2010/05/24 15:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Walmart MP3 Music Downloads
[2010/05/24 15:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\Walmart MP3 Music Downloads
[2010/05/21 15:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010/05/21 15:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/05/21 15:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/21 15:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/05/21 15:20:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/05/21 15:20:30 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/05/18 23:18:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA(3)
[2010/05/18 23:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies(3)
[2010/05/18 23:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview(4)
[2010/05/18 23:18:07 | 000,000,000 | ---D | C] -- C:\NVIDIA(2)
[2009/07/14 00:30:56 | 000,014,336 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[31 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/10 15:08:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Wintermute\Desktop\OTL.exe
[2010/06/10 15:04:04 | 000,521,682 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/10 15:04:04 | 000,440,992 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/10 15:04:04 | 000,071,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 15:03:19 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Rick Wintermute\Desktop\hjt.exe
[2010/06/10 14:59:54 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/10 14:59:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/10 14:59:51 | 000,000,324 | -HS- | M] () -- C:\WINDOWS\tasks\Zocoup.job
[2010/06/10 14:59:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/10 14:59:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/10 14:59:31 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\driver.dat
[2010/06/10 04:36:30 | 006,561,792 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\ntuser.dat
[2010/06/09 15:48:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rick Wintermute\ntuser.ini
[2010/06/09 04:42:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 04:42:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/08 21:14:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/08 21:14:00 | 001,500,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 19:54:32 | 000,051,360 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/08 19:54:26 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VistaBootPRO 3.3.lnk
[2010/06/08 19:34:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/08 19:15:37 | 000,054,868 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 19:15:37 | 000,054,868 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 19:15:37 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 19:15:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/08 19:13:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/08 19:13:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/08 19:13:31 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/08 19:12:59 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/08 19:12:59 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/08 19:12:47 | 000,000,626 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 19:11:38 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/08 19:10:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/08 18:54:42 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/08 18:44:38 | 000,054,964 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:44:38 | 000,054,964 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:44:38 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 17:59:04 | 000,289,933 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/06/08 17:49:55 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/08 17:08:52 | 000,015,160 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/08 17:03:53 | 000,038,247 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/08 16:12:56 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/07 23:08:58 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Desktop\iExplore.exe
[2010/06/07 20:13:06 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\online_{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:13:05 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:12:45 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\online_{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:12:44 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:10:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/07 16:06:02 | 000,047,314 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\ifarmed.html
[2010/06/07 15:17:01 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\syssvc.exe
[2010/06/07 15:15:26 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/06/07 15:13:39 | 000,071,168 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi5.dll
[2010/06/07 09:54:11 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/06/06 14:36:02 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Thayer eField Guide Viewer 3.9.lnk
[2010/05/30 17:22:34 | 000,238,080 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 07:12:46 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2010/05/23 20:50:15 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Microsoft Streets & Trips.lnk
[2010/05/12 13:16:50 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Sharpener-Manual-123.lnk
[2010/05/12 04:40:35 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Core Temp.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[31 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/09 04:42:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 04:42:38 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/08 21:01:04 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/06/08 21:01:04 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/06/08 21:01:04 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/06/08 21:01:04 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/06/08 21:01:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/06/08 21:01:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/06/08 21:01:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/06/08 21:01:04 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/06/08 21:01:04 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/06/08 21:01:04 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/06/08 21:01:04 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/06/08 21:01:04 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/06/08 21:01:04 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/06/08 21:01:04 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/06/08 21:01:04 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/06/08 21:01:04 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/06/08 21:01:04 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/06/08 21:01:03 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/06/08 21:01:03 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/06/08 21:01:03 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/06/08 21:01:03 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/06/08 21:01:03 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/06/08 21:01:03 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/06/08 21:01:03 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/06/08 21:01:03 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/06/08 21:01:03 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/06/08 21:01:03 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/06/08 21:01:03 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/06/08 21:01:02 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/06/08 21:01:02 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/06/08 21:01:02 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/06/08 21:01:02 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/06/08 21:01:02 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/06/08 21:01:02 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/06/08 21:01:02 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/06/08 21:01:02 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/06/08 21:01:02 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/06/08 21:01:02 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/06/08 21:01:02 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/06/08 21:01:02 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/06/08 21:01:02 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/06/08 21:01:00 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/06/08 21:01:00 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/06/08 21:00:59 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/06/08 21:00:59 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/06/08 21:00:59 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/06/08 21:00:59 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/06/08 21:00:59 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/06/08 21:00:59 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/06/08 21:00:59 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/06/08 21:00:59 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/06/08 21:00:59 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/06/08 21:00:59 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/06/08 21:00:59 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/06/08 21:00:59 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/06/08 21:00:59 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/06/08 21:00:59 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/06/08 21:00:59 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/06/08 21:00:59 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/06/08 21:00:59 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/06/08 21:00:59 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/06/08 21:00:57 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/06/08 21:00:56 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/06/08 21:00:56 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/06/08 21:00:53 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/06/08 21:00:53 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/06/08 21:00:53 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/06/08 21:00:53 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/06/08 21:00:53 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/06/08 21:00:53 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/06/08 21:00:47 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/06/08 21:00:45 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/06/08 21:00:45 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/06/08 21:00:45 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/06/08 21:00:45 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/06/08 21:00:45 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/06/08 21:00:45 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/06/08 21:00:45 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/06/08 21:00:45 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/06/08 21:00:45 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/06/08 21:00:45 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/06/08 21:00:43 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/06/08 19:54:26 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VistaBootPRO 3.3.lnk
[2010/06/08 19:34:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/08 19:20:10 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\Desktop\iExplore.exe
[2010/06/08 19:15:09 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/08 19:14:47 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/08 19:14:47 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/08 19:14:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/08 19:14:36 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/08 19:14:36 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/08 19:14:31 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/08 19:14:30 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/08 19:14:29 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/08 19:14:24 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/08 19:14:20 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/08 19:14:10 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/08 19:14:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/06/08 19:14:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/06/08 19:14:07 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/06/08 19:14:07 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/06/08 19:14:07 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/06/08 19:14:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/06/08 19:14:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/06/08 19:14:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/06/08 19:14:05 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/06/08 19:14:05 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/06/08 19:14:05 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/06/08 19:14:05 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/06/08 19:14:05 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/06/08 19:14:05 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/06/08 19:14:05 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/06/08 19:14:04 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/06/08 19:14:04 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
********
rest of OTL.txt
************

[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/06/08 19:14:03 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/06/08 19:14:03 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/06/08 19:14:03 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/08 19:14:03 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/08 19:12:59 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/08 18:57:14 | 000,054,868 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:57:14 | 000,054,868 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:57:14 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:24:32 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/08 18:24:31 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/08 18:24:31 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/08 18:24:31 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/08 18:24:31 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/08 18:24:31 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/08 16:12:56 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/08 12:49:50 | 000,289,933 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010/06/07 20:03:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\online_{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:03:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 15:20:34 | 000,047,314 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\ifarmed.html
[2010/06/07 15:16:59 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\syssvc.exe
[2010/06/07 15:14:32 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\online_{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 15:14:31 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 15:13:40 | 000,000,324 | -HS- | C] () -- C:\WINDOWS\tasks\Zocoup.job
[2010/05/18 23:18:58 | 000,206,793 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/05/18 23:18:26 | 000,201,736 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/18 23:18:26 | 000,018,725 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/05/12 13:16:53 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Sharpener-Manual-123.lnk
[2010/05/12 04:40:35 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Core Temp.lnk
[2009/07/14 01:14:20 | 000,027,839 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/07/14 01:14:16 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/07/14 00:28:04 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/07/14 00:28:04 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/07/12 14:18:25 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2009/07/12 14:18:25 | 000,001,377 | R--- | C] () -- C:\WINDOWS\System32\IconCfg2.ini
[2009/07/12 14:18:25 | 000,001,377 | R--- | C] () -- C:\WINDOWS\System32\IconCfg1.ini
[2009/07/12 14:18:25 | 000,001,377 | R--- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009/07/12 14:18:25 | 000,001,376 | R--- | C] () -- C:\WINDOWS\System32\IconCfg4.ini
[2009/07/12 14:18:25 | 000,001,376 | R--- | C] () -- C:\WINDOWS\System32\IconCfg3.ini
[2009/05/25 21:58:23 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\lbab.dll
[2009/02/19 14:13:13 | 000,000,843 | ---- | C] () -- C:\WINDOWS\omupdate.ini
[2009/01/15 08:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 08:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 08:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 08:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/01 11:24:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/12/20 16:51:13 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2008/12/20 16:51:04 | 000,233,557 | ---- | C] () -- C:\WINDOWS\System32\esint54.dll
[2008/12/20 16:46:07 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/20 16:43:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV700SERIES.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/01 21:28:31 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_0C.dll
[2008/05/01 21:28:31 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_10.dll
[2008/05/01 21:28:31 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_0402.dll
[2008/05/01 21:28:30 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C.Dll
[2008/05/01 21:28:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_0A.dll
[2008/05/01 21:28:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_07.dll
[2008/05/01 21:28:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_09.dll
[2008/02/20 21:00:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/02/09 18:49:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/01/31 18:51:55 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/01/19 10:22:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/17 22:37:50 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/01/15 17:19:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/14 16:58:47 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/01/14 16:58:47 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/01/14 16:58:45 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/01/14 16:58:45 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/01/14 16:56:11 | 000,038,247 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/14 16:56:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/14 16:55:57 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/01/13 20:48:35 | 000,311,296 | R--- | C] () -- C:\WINDOWS\EMCRI_AX.dll
[2007/05/01 16:11:28 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_11.dll
[2006/11/10 08:08:50 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/10/02 17:25:18 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/10/12 00:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 00:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 00:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 00:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 02:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
< End of report >

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
OTL Extras logfile created on: 6/10/2010 3:09:04 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Rick Wintermute\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): e:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 113.58 Gb Free Space | 81.29% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 255.86 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
Drive E: | 358.29 Gb Total Space | 295.16 Gb Free Space | 82.38% Space Free | Partition Type: NTFS
Drive F: | 340.34 Gb Total Space | 310.03 Gb Free Space | 91.09% Space Free | Partition Type: NTFS
Drive G: | 400.00 Gb Total Space | 156.81 Gb Free Space | 39.20% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 34.26 Gb Total Space | 31.66 Gb Free Space | 92.41% Space Free | Partition Type: NTFS

Computer Name: NUKESGIZMO
Current User Name: Rick Wintermute
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with ACDSee] -- "C:\Program Files\ACDSee32\ACDSee32.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\Microsoft Games\Flight Simulator 9_old\fs9.exe" = D:\Microsoft Games\Flight Simulator 9_old\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Flight Simulator 9_old\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9_old\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"W:\RelicCOH.exe" = W:\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"BestShopping" = BestShopping
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Registry Mechanic_is1" = Registry Mechanic 7.0
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2010 8:25:56 PM | Computer Name = NUKESGIZMO | Source = Application Error | ID = 1000
Description = Faulting application whluot.exe, version 0.0.0.0, faulting module
whluot.exe, version 0.0.0.0, fault address 0x00024759.

Error - 6/8/2010 9:20:17 PM | Computer Name = NUKESGIZMO | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/8/2010 9:20:17 PM | Computer Name = NUKESGIZMO | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/8/2010 9:21:23 PM | Computer Name = NUKESGIZMO | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/8/2010 9:21:23 PM | Computer Name = NUKESGIZMO | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 6/8/2010 8:13:19 PM | Computer Name = NUKESGIZMO | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 6/8/2010 8:13:19 PM | Computer Name = NUKESGIZMO | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 6/8/2010 8:15:32 PM | Computer Name = NUKESGIZMO | Source = Setup | ID = 60055
Description = Windows Setup encountered non-fatal errors during installation. Please
check the setuperr.log found in your Windows directory for more informatio

Error - 6/8/2010 9:19:42 PM | Computer Name = NUKESGIZMO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000022'
while processing the file '_851546_' on the volume 'HarddiskVolume4'. It has stopped
monitoring the volume.

Error - 6/8/2010 9:19:43 PM | Computer Name = NUKESGIZMO | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume W:.

Error - 6/9/2010 4:27:57 PM | Computer Name = NUKESGIZMO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/9/2010 4:29:03 PM | Computer Name = NUKESGIZMO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsIO ATITool Fips intelppm magicpvt nvport

Error - 6/9/2010 4:48:12 PM | Computer Name = NUKESGIZMO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/9/2010 4:49:20 PM | Computer Name = NUKESGIZMO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
And GMER?

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
here is ark.txt

when do I re-enable emulation?


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-10 18:28:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\RICKWI~1\LOCALS~1\Temp\kwtoapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9293360, 0x3535DF, 0xE8000020]
init C:\WINDOWS\system32\drivers\magicpvt.sys entry point in "init" section [0xBA6CB700]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

---- EOF - GMER 1.0.15 ----

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
OK... GMER came back clean.


  1. Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here

  3. Double click on combofix.exe & follow the prompts.

  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    AV Security Suite AGAIN!!!! CfRC_screen_1


    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    AV Security Suite AGAIN!!!! CfRC_screen_2

    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
browser is still hijacked......


ComboFix 10-06-10.03 - Rick Wintermute 06/10/2010 19:46:19.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2551.2086 [GMT -5:00]
Running from: c:\documents and settings\Rick Wintermute\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rick Wintermute\Local Settings\Application Data\syssvc.exe
c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Windows Server
c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
c:\windows\system32\hlp.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
.

2010-06-09 09:56 . 2010-06-09 09:56 -------- d-s---w- c:\documents and settings\rick\UserData
2010-06-09 09:42 . 2010-06-09 09:42 0 ----a-w- c:\windows\nsreg.dat
2010-06-09 09:42 . 2010-06-09 09:42 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Mozilla
2010-06-09 02:00 . 2008-04-14 00:12 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-06-09 02:00 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-06-09 02:00 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-06-09 02:00 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-06-09 02:00 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-09 00:34 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 00:34 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-09 00:15 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-06-09 00:15 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-06-09 00:15 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-06-09 00:15 . 2008-04-14 00:11 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-06-09 00:15 . 2008-04-14 00:11 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-06-09 00:15 . 2008-04-14 00:11 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-06-09 00:15 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-06-09 00:13 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-06-09 00:13 . 2001-08-18 03:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-06-09 00:12 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-06-08 23:24 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-06-08 23:24 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-06-08 23:24 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-06-08 23:24 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-06-08 22:50 . 2010-06-08 22:51 -------- d-----w- C:\Rick_Reg
2010-06-08 22:04 . 2008-04-29 02:00 288896 ----a-r- c:\windows\system32\drivers\yk51x86.sys
2010-06-08 18:32 . 2010-06-08 18:32 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-08 14:31 . 2010-06-09 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 04:14 . 2010-06-08 04:14 -------- d-----w- c:\documents and settings\Rick Wintermute\Application Data\Malwarebytes
2010-06-08 03:54 . 2010-06-08 03:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-08 03:54 . 2010-06-08 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-08 02:26 . 2010-06-08 02:26 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\PCHealth
2010-06-07 20:15 . 2010-06-07 20:15 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\BestShopping
2010-06-07 20:14 . 2010-06-09 01:29 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\humtghq
2010-06-07 20:14 . 2010-06-08 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-07 20:13 . 2010-06-07 20:13 71168 --sha-r- c:\windows\system32\encapi5.dll
2010-05-24 20:34 . 2010-05-24 20:34 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Walmart MP3 Music Downloads
2010-05-24 20:34 . 2010-05-24 20:34 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\windows\system32\AGEIA
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\windows\nview
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- C:\NVIDIA
2010-05-19 04:18 . 2010-05-21 20:20 -------- d-----w- c:\windows\system32\AGEIA(3)
2010-05-19 04:18 . 2010-05-21 20:20 -------- d-----w- c:\program files\AGEIA Technologies(3)
2010-05-19 04:18 . 2010-05-19 04:20 -------- d-----w- c:\windows\nview(4)
2010-05-19 04:18 . 2010-05-21 20:20 -------- d-----w- C:\NVIDIA(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 00:48 . 2008-01-15 15:51 32 ----a-w- c:\windows\system32\driver.dat
2010-06-09 09:55 . 2010-06-09 09:55 -------- d-----w- c:\documents and settings\rick\Application Data\Logitech
2010-06-09 00:54 . 2008-01-14 01:04 51360 ----a-w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-09 00:11 . 2008-01-14 00:56 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-08 22:08 . 2008-12-01 02:19 15160 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-08 18:36 . 2010-06-08 18:36 311 ---ha-w- c:\windows\nshC2.tmp
2010-06-08 18:21 . 2010-06-08 18:21 431 ---ha-w- c:\windows\nso34.tmp
2010-06-07 14:54 . 2010-04-07 23:10 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2010-05-24 12:27 . 2009-08-16 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-17 13:26 . 2008-01-16 10:14 -------- d-----w- c:\program files\FairUse Wizard 2
2010-05-16 18:16 . 2008-01-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-12 09:40 . 2008-01-14 02:02 -------- d-----w- c:\program files\core temp99.5
2010-05-12 08:41 . 2008-01-15 14:03 -------- d-----w- c:\program files\super pi mod1.5
2010-05-01 00:23 . 2008-01-15 14:52 -------- d-----w- c:\program files\Paint Shop Pro 5
2010-04-23 22:00 . 2010-04-23 22:00 -------- d-----w- c:\program files\CPUID
2010-04-07 23:24 . 2010-04-07 23:12 49152 ----a-r- c:\documents and settings\Rick Wintermute\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-04-07 23:23 . 2008-12-19 12:24 57344 ----a-r- c:\documents and settings\Rick Wintermute\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-04-07 20:23 . 2008-01-14 01:01 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-31 04:38 . 2010-04-23 22:00 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2008-05-07 18:00 . 2008-01-15 11:47 4226 ----a-w- c:\program files\Banks.htm
2008-01-15 15:33 . 2008-01-15 15:33 61 --sha-w- c:\windows\cnerolf.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-12-01 1115317]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-12-01 135168]
"UMonit"="c:\windows\system32\UMonit.exe" [2008-02-12 200704]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-07-14 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-13 593920]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Microsoft Games\\Flight Simulator 9_old\\fs9.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9_old\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [1/15/2008 10:51 AM 9728]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [4/23/2010 5:00 PM 20968]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/13/2008 8:14 PM 3712]
S0 ntfpdzm;ntfpdzm; [x]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\RICKWI~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\RICKWI~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 AmbFilt;AmbFilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2008 6:20 PM 1683712]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1/15/2010 6:19 PM 16512]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/27/2010 1:37 PM 79360]
S3 ct20xflt;ct20xflt;c:\windows\system32\drivers\ct20xflt.sys [7/14/2009 2:53 AM 1811224]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 3:15 PM 198168]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 3:15 PM 198168]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 3:14 PM 1353240]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 3:14 PM 1353240]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 3:15 PM 73752]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 3:15 PM 73752]
S3 EUCR;ENE USB Mass Storage;c:\windows\system32\drivers\EUCR6SK.sys [1/13/2008 8:48 PM 42240]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [7/12/2009 2:18 PM 12416]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [1/24/2009 2:02 PM 1227800]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [5/1/2008 9:28 PM 132232]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:1044
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rick Wintermute\Application Data\Mozilla\Firefox\Profiles\sjw5spt1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-RegistryMechanic - (no file)
AddRemove-HijackThis - c:\documents and settings\Rick Wintermute\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 19:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4004)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-06-10 19:51:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-11 00:51

Pre-Run: 121,867,534,336 bytes free
Post-Run: 121,756,971,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 316C32D7EA64A5957EF7720087FAE330

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
Here's why your PC is being infected.

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network.
Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:



  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
  • avast! 5 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.


Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

Be sure to install just one. I use avira on my PC. Then:

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
My browser is no longer hijacked.

Should I create a new restore point???

Should I use defogger to restart emulation now???

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
nuclearjock wrote:
My browser is no longer hijacked.

Should I create a new restore point???

Should I use defogger to restart emulation now???

No. Please post Security Check

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:


Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
Are you going to installed a Anti-virus software? That I recommend so this will not happen again. Before we move on?

descriptionSolvedRe: AV Security Suite AGAIN!!!!

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum