
search redirect problem



Thanks in advance for your help.

MBAM and DDS Logs

Malwarebytes' Anti-Malware 1.44

Database version: 3697

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

06/02/2010 11:17:47

mbam-log-2010-02-06 (11-17-47).txt

Scan type: Full Scan (C:\|)

Objects scanned: 148497

Time elapsed: 57 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

==========================

DDS (Ver_09-12-01.01) - NTFSx86

Run by Patterson at 16:22:32.60 on 07/02/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.155 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WTouch\WTouchService.exe

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\WTouch\WTouchUser.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\WINDOWS\system32\tp4mon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\ZipGenius 6\zipgenius.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

C:\Documents and Settings\Patterson\My Documents\Downloads\Defogger.exe

C:\Documents and Settings\Patterson\My Documents\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [cryptnvmcDirect] rundll32.exe "c:\documents and settings\patterson\local settings\application data\cryptnvmcdirect\cryptnvmcDirect.dll", DllInit

mRun: [TrackPointSrv] tp4mon.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [TP4EX] tp4ex.exe

mRun: [ultraMon] "c:\program files\ultramon\UltraMon.exe" /auto

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: ACNotify - ACNotify.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: tpfnf2 - notifyf2.dll

Notify: tphotkey - tphklock.dll

LSA: Notification Packages = scecli ACGina

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\patter~1\applic~1\mozilla\firefox\profiles\9f4bqtnx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-7 64288]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-29 93320]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-29 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-29 144704]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-1-18 4408616]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]

R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-1-18 112936]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-29 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-29 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-29 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-29 40552]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-18 15656]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]

S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2009-12-28 802683]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-29 34248]

S3 WLATE54SC;NEC AtermWL54SC(PA-WL/54SC) Wireless Network Adapter Service;c:\windows\system32\drivers\wlateSC.sys [2009-12-31 431328]

=============== Created Last 30 ================

2010-02-07 16:10:23 0 ----a-w- c:\documents and settings\patterson\defogger_reenable

2010-02-07 11:08:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-02-07 11:04:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-02-07 11:03:40 0 d-----w- c:\program files\Lavasoft

2010-02-06 11:58:29 0 d-----w- c:\windows\system32\scripting

2010-02-06 11:58:28 0 d-----w- c:\windows\l2schemas

2010-02-06 11:58:26 0 d-----w- c:\windows\system32\en

2010-02-06 11:58:26 0 d-----w- c:\windows\system32\bits

2010-02-06 11:48:46 0 d-----w- c:\windows\network diagnostic

2010-02-06 10:14:00 0 d-----w- c:\docume~1\patter~1\applic~1\Malwarebytes

2010-02-06 10:13:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-06 10:13:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-02-06 10:13:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-06 10:13:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-01 16:09:16 0 d-----w- c:\windows\system32\LogFiles

2010-01-29 21:45:39 10477 ----a-w- c:\windows\system32\Config.MPF

2010-01-29 21:44:16 0 d-----w- c:\program files\SiteAdvisor

2010-01-29 21:38:51 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-01-29 21:38:51 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2010-01-29 21:38:51 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-01-29 21:38:45 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-01-29 21:37:50 0 d-----w- c:\program files\common files\McAfee

2010-01-29 21:37:47 0 d-----w- c:\program files\McAfee.com

2010-01-29 21:37:34 0 d-----w- c:\program files\McAfee

2010-01-29 21:35:50 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2010-01-28 21:30:36 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-01-28 21:30:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-01-28 17:13:58 0 d-sh--w- c:\documents and settings\patterson\IECompatCache

2010-01-27 18:02:07 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-01-27 17:59:50 0 d-----w- c:\program files\Amazon

2010-01-20 18:15:32 0 d-sh--w- c:\documents and settings\patterson\PrivacIE

2010-01-20 07:29:26 0 d-----w- c:\docume~1\patter~1\applic~1\Avaya

2010-01-20 07:25:09 1056768 ----a-w- c:\windows\system32\MFC71.dll

2010-01-20 07:25:04 582968 ----a-w- c:\windows\system32\tvt_gina.dll

2010-01-20 07:25:04 292152 ----a-w- c:\windows\system32\tvt_gina_api.dll

2010-01-20 07:24:56 4224 ----a-w- c:\windows\system32\drivers\IBMBLDID.sys

2010-01-20 07:24:56 11520 ----a-w- c:\windows\system32\drivers\ANC.sys

2010-01-20 07:24:45 0 ----a-w- c:\windows\system32\AccConnAdvanced.html

2010-01-20 07:24:44 188 ----a-w- c:\windows\x

2010-01-20 07:23:26 32768 ----a-w- c:\windows\system32\TpKmpSvc.exe

2010-01-20 07:22:28 0 d-----w- c:\program files\ltmoh

2010-01-20 07:21:24 0 d-----w- c:\windows\Options

2010-01-18 20:30:36 0 d-----w- c:\docume~1\patter~1\applic~1\WTablet

2010-01-18 20:30:31 0 d-----w- c:\docume~1\patter~1\applic~1\WTouch

2010-01-18 20:30:30 220968 ------w- c:\windows\system32\Touch_Tablet.dll

2010-01-18 20:30:28 0 d-----w- c:\program files\WTouch

2010-01-18 20:29:58 1593072 ------w- c:\windows\system32\PenTablet.znc

2010-01-18 20:29:53 6124840 ------w- c:\windows\system32\PenTablet.cpl

2010-01-18 20:29:00 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys

2010-01-18 20:28:46 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys

2010-01-18 20:28:37 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys

2010-01-18 20:28:34 15656 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys

2010-01-18 20:28:33 0 d-----w- c:\windows\system32\WTablet

2010-01-18 20:28:31 284672 ------w- c:\windows\system32\Wintab32.dll

2010-01-18 20:28:30 392488 ----a-w- c:\windows\system32\Pen_Tablet.dll

2010-01-18 20:28:28 4408616 ------w- c:\windows\system32\Pen_Tablet.exe

2010-01-18 20:28:23 439 ----a-w- c:\windows\system32\TouchTabletUserDefaults.xml

2010-01-18 20:28:23 439 ----a-w- c:\windows\system32\PenTabletUserDefaults.xml

2010-01-18 20:28:23 0 d-----w- c:\program files\Tablet

2010-01-17 21:03:55 29 ----a-w- c:\windows\DEBUGSM.INI

2010-01-17 21:03:08 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-01-17 20:58:53 708696 ----a-w- c:\windows\system32\python21.dll

2010-01-17 20:58:53 57344 ----a-w- c:\windows\system32\PyWinTypes21.dll

2010-01-17 20:58:53 290919 ----a-w- c:\windows\system32\pythoncom21.dll

2010-01-17 20:58:52 0 d-----w- c:\program files\common files\Python

2010-01-17 20:55:47 96768 ----a-w- c:\windows\SlantAdj.dll

2010-01-17 20:55:47 73216 ----a-w- c:\windows\ADE.DLL

2010-01-17 20:55:47 72 ----a-w- c:\windows\system32\epDPE.ini

2010-01-17 20:55:47 3136 ----a-w- c:\windows\Ade001.bin

2010-01-17 20:54:58 0 d-----w- c:\program files\EPSON

2010-01-17 20:53:56 86016 ----a-w- c:\windows\system32\Epfb5cpl.dll

2010-01-17 20:53:56 47104 ----a-w- c:\windows\system32\escimgn.dll

2010-01-17 20:53:56 35840 ----a-w- c:\windows\system32\escwian.dll

2010-01-17 20:53:56 33280 ----a-w- c:\windows\system32\esccm.dll

2010-01-17 20:53:56 32256 ----a-w- c:\windows\system32\escwiab.dll

2010-01-17 20:53:56 27648 ----a-w- c:\windows\system32\escimg.dll

2010-01-17 20:53:56 23552 ----a-w- c:\windows\system32\esccmn.dll

2010-01-17 20:53:54 53248 ----a-w- c:\windows\system32\ESICM.dll

2010-01-17 20:53:53 90112 ----a-w- c:\windows\system32\epcomdd.dll

2010-01-17 20:53:53 176128 ----a-w- c:\windows\system32\ESDTR.dll

2010-01-17 20:53:53 126976 ----a-w- c:\windows\system32\Esint23.dll

2010-01-17 20:53:53 0 d-----w- C:\EPSON

2010-01-13 00:10:29 0 d-----w- c:\program files\common files\Motorola Shared

2010-01-12 23:49:41 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-01-12 23:37:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2010-01-12 23:37:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-01-12 23:36:55 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-01-10 21:24:14 544768 ----a-w- c:\windows\system32\msvcr71d.dll

2010-01-10 21:24:13 344064 ----a-w- c:\windows\system32\msvcr70.dll

2010-01-10 21:24:03 719872 ----a-w- c:\windows\system32\devil.dll

2010-01-10 21:24:02 314368 ----a-w- c:\windows\system32\avisynth.dll

2010-01-10 21:23:59 0 d-----w- c:\program files\Magic Video Converter

2010-01-10 18:01:28 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-01-10 18:01:25 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-01-10 18:01:21 25600 ----a-w- c:\windows\system32\drivers\hidbth.sys

==================== Find3M ====================

2009-12-31 20:14:12 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-29 11:52:32 0 ---ha-r- c:\windows\system32\drivers\IBM_2366_AG8_TP.MRK

2009-12-28 23:59:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 16:24:27.22 ===============

My_Documents.zip


I doubt I can add anything helpful at this stage. But just in case, I should note that the infection started a few days ago when the version of XP was sitting on Service Pack 2; it upgraded to Service Pack 3 yesterday. I had only recently fitted the hard drive and I had not noticed I was on SP2. The search redirection is happening with Firefox and Explorer. It is random and very annoying.


:)

Download GMER Antirootkit Here, click on Download EXE and save to your Desktop

  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" Tab
  • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
  • Select all drives that are connected to your system to be scanned
  • Click the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Save the gmer scan log and post it in your next reply.
  • Close Gmer
  • Open a command prompt (Start | run |type cmd and hit Enter)
    • Type or paste the following to unload the gmer driver:
    • net stop gmer
    • Hit Enter
    • Exit the command prompt.

  • Re-enable all active protection.


  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Extra Registry change it to Use SafeList.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


OTL.txt

OTL logfile created on: 13/02/2010 08:39:55 - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Patterson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 555.00 Mb Available Physical Memory | 54.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 136.39 Gb Free Space | 91.51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 931.51 Gb Total Space | 660.43 Gb Free Space | 70.90% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: T30-160V3

Current User Name: Patterson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/13 08:36:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patterson\Desktop\OTL.exe

PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe

PRC - [2009/10/28 11:50:32 | 000,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe

PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe

PRC - [2009/08/24 13:43:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2009/07/29 10:43:34 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2009/07/29 10:40:40 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2009/07/29 10:35:18 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2009/07/15 16:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe

PRC - [2009/07/15 16:13:04 | 000,393,512 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

PRC - [2009/07/15 16:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe

PRC - [2009/07/15 16:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2008/10/08 02:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/04/14 00:12:38 | 000,082,944 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe

PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007/02/06 23:33:40 | 000,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2006/10/12 21:27:40 | 000,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe

PRC - [2006/10/12 21:27:20 | 000,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe

PRC - [2006/10/02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

PRC - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

PRC - [2006/05/30 15:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

PRC - [2005/07/05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

PRC - [2004/08/06 08:27:56 | 000,860,160 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

PRC - [2004/04/01 10:52:06 | 001,368,064 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

PRC - [2003/06/27 08:53:32 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe

PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2010/02/13 08:36:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patterson\Desktop\OTL.exe

MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2009/11/05 16:09:24 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\cryptnvmcDirect\cryptnvmcDirect.dll

MOD - [2006/10/12 21:26:26 | 000,198,144 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll

MOD - [2005/06/10 12:30:56 | 000,002,560 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\Resources\en\RTSUltraMonHookRes.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/02/07 11:04:14 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)

SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/08/24 13:43:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2009/07/15 16:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)

SRV - [2009/07/15 16:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008/04/14 00:11:55 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)

SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007/02/06 23:33:40 | 000,364,544 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/08/24 13:43:54 | 000,024,872 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV - [2009/07/21 21:45:30 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2009/07/21 21:45:30 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)

DRV - [2009/05/20 19:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2009/01/30 21:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2008/04/13 18:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)

DRV - [2008/04/13 16:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2007/02/19 05:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2007/02/16 19:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2007/02/16 00:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)

DRV - [2007/02/06 23:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/10/02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)

DRV - [2006/10/02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)

DRV - [2006/09/24 21:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)

DRV - [2006/09/24 21:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)

DRV - [2005/09/15 06:35:10 | 000,431,328 | R--- | M] (NEC AccessTechnica, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlateSC.sys -- (WLATE54SC) NEC AtermWL54SC(PA-WL/54SC)

DRV - [2005/07/05 14:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)

DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004/08/04 12:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2004/06/23 10:42:46 | 000,266,880 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)

DRV - [2004/04/07 07:41:38 | 000,116,176 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)

DRV - [2003/06/27 08:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)

DRV - [2001/08/17 13:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)

DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

DRV - [2001/08/17 12:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.62

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/08 08:37:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/27 10:53:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/16 23:05:29 | 000,000,000 | ---D | M]

[2009/12/29 10:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\Mozilla\Extensions

[2010/02/12 08:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\Mozilla\Firefox\Profiles\9f4bqtnx.default\extensions

[2010/01/25 20:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patterson\Application Data\Mozilla\Firefox\Profiles\9f4bqtnx.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/02/07 22:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/12/22 03:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/12/22 03:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/12/22 03:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/12/22 03:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/07 22:26:59 | 000,379,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 13093 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )

O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [ultraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)

O4 - HKCU..\Run: [cryptnvmcDirect] File not found

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/29 00:02:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/05/18 22:48:34 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/03/08 13:36:55 | 000,000,053 | ---- | M] () - E:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/13 08:36:17 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patterson\Desktop\OTL.exe

[2010/02/07 22:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010/02/07 22:29:52 | 000,176,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Patterson\Desktop\TDSSKiller.exe

[2010/02/07 21:54:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/02/07 17:01:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/02/07 11:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/02/07 11:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/02/07 11:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2010/02/07 11:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2010/02/07 11:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Local Settings\Application Data\Temp

[2010/02/07 11:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Local Settings\Application Data\Google

[2010/02/07 11:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/02/07 11:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/02/06 14:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010/02/06 14:44:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/02/06 11:58:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2010/02/06 11:58:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2010/02/06 11:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2010/02/06 11:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2010/02/06 11:48:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2010/02/06 11:38:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010/02/06 10:15:51 | 091,338,304 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Patterson\My Documents\Ad-AwareInstallation.exe

[2010/02/06 10:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Application Data\Malwarebytes

[2010/02/06 10:13:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/06 10:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/02/06 10:13:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/06 10:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/06 10:13:15 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patterson\My Documents\mbam-setup.exe

[2010/02/01 16:09:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010/01/31 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Desktop\GooredFix Backups

[2010/01/29 22:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2010/01/29 21:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

[2010/01/29 21:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor

[2010/01/29 21:38:51 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys

[2010/01/29 21:38:51 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys

[2010/01/29 21:38:51 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys

[2010/01/29 21:38:45 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys

[2010/01/29 21:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee

[2010/01/29 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com

[2010/01/29 21:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee

[2010/01/29 21:35:50 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys

[2010/01/29 21:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/01/28 21:31:28 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Patterson\My Documents\ccsetup228.exe

[2010/01/28 21:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/01/28 21:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/01/28 21:29:48 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Patterson\My Documents\spybotsd162.exe

[2010/01/28 17:13:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patterson\IECompatCache

[2010/01/27 18:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Application Data\Amazon

[2010/01/27 17:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

[2010/01/23 03:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet

[2010/01/20 18:15:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Patterson\PrivacIE

[2010/01/20 07:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Application Data\Avaya

[2010/01/20 07:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\My Documents\Access Connections

[2010/01/20 07:25:09 | 001,056,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll

[2010/01/20 07:25:04 | 000,582,968 | ---- | C] (Lenovo) -- C:\WINDOWS\System32\tvt_gina.dll

[2010/01/20 07:25:04 | 000,292,152 | ---- | C] (Lenovo) -- C:\WINDOWS\System32\tvt_gina_api.dll

[2010/01/20 07:24:56 | 000,011,520 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\drivers\ANC.sys

[2010/01/20 07:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh

[2010/01/20 07:21:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options

[2010/01/18 20:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Application Data\WTablet

[2010/01/18 20:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Application Data\WTouch

[2010/01/18 20:30:30 | 000,220,968 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Touch_Tablet.dll

[2010/01/18 20:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch

[2010/01/18 20:29:53 | 006,124,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\PenTablet.cpl

[2010/01/18 20:29:00 | 000,011,440 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\WacomVKHid.sys

[2010/01/18 20:28:46 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys

[2010/01/18 20:28:37 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys

[2010/01/18 20:28:34 | 000,015,656 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys

[2010/01/18 20:28:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet

[2010/01/18 20:28:31 | 000,284,672 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll

[2010/01/18 20:28:30 | 000,392,488 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.dll

[2010/01/18 20:28:28 | 004,408,616 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe

[2010/01/18 20:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet

[2010/01/17 21:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Application Data\EPSON

[2010/01/17 20:58:53 | 000,708,696 | ---- | C] (Digital Creations 2) -- C:\WINDOWS\System32\python21.dll

[2010/01/17 20:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Python

[2010/01/17 20:55:47 | 000,073,216 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\ADE.DLL

[2010/01/17 20:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON

[2010/01/17 20:53:56 | 000,086,016 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\Epfb5cpl.dll

[2010/01/17 20:53:56 | 000,047,104 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escimgn.dll

[2010/01/17 20:53:56 | 000,035,840 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwian.dll

[2010/01/17 20:53:56 | 000,033,280 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esccm.dll

[2010/01/17 20:53:56 | 000,032,256 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiab.dll

[2010/01/17 20:53:56 | 000,027,648 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escimg.dll

[2010/01/17 20:53:56 | 000,023,552 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esccmn.dll

[2010/01/17 20:53:54 | 000,053,248 | ---- | C] (SEIKO EPSON Corp.) -- C:\WINDOWS\System32\ESICM.dll

[2010/01/17 20:53:53 | 000,176,128 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\ESDTR.dll

[2010/01/17 20:53:53 | 000,126,976 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\Esint23.dll

[2010/01/17 20:53:53 | 000,090,112 | ---- | C] (SEIKO EPSON CORP) -- C:\WINDOWS\System32\epcomdd.dll

[2010/01/17 20:53:53 | 000,000,000 | ---D | C] -- C:\EPSON

[2009/12/29 09:53:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/29 00:06:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/29 00:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/13 08:36:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patterson\Desktop\OTL.exe

[2010/02/13 08:09:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/02/13 07:10:25 | 000,011,115 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2010/02/13 06:34:32 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/13 06:18:07 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Patterson\NTUSER.DAT

[2010/02/13 05:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010/02/12 23:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010/02/12 21:51:47 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2010/02/12 20:11:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/02/12 20:11:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/02/12 20:10:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/02/12 20:10:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/02/12 20:10:42 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys

[2010/02/12 20:09:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Patterson\ntuser.ini

[2010/02/12 20:08:52 | 007,432,956 | -H-- | M] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\IconCache.db

[2010/02/12 17:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010/02/12 11:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010/02/12 07:25:41 | 000,000,424 | ---- | M] () -- C:\WINDOWS\zipgenius.xml

[2010/02/12 07:22:04 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\Patterson\Application Data\mainhst.zgh

[2010/02/11 23:12:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/02/11 07:31:17 | 000,005,068 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\gmer.zip

[2010/02/10 21:14:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/02/09 08:21:03 | 001,090,268 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\bookfile.jar

[2010/02/09 08:21:03 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\bookfile.jad

[2010/02/08 08:15:52 | 000,338,944 | ---- | M] () -- C:\Documents and Settings\Patterson\Desktop\Classes 09-10.xls

[2010/02/08 08:15:35 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Y13 reports Jan 2010.doc

[2010/02/07 22:26:59 | 000,379,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/02/07 21:42:35 | 000,004,777 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\My Documents.zip

[2010/02/07 20:03:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/02/07 17:55:00 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/02/07 17:55:00 | 000,433,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/02/07 17:55:00 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/02/07 17:39:29 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\AS Project Feedback.doc

[2010/02/07 16:53:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Patterson\Desktop\zphenfq9.exe

[2010/02/07 16:10:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patterson\defogger_reenable

[2010/02/07 15:05:13 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Patterson\My Documents\~$ Project Feedback.doc

[2010/02/06 17:47:34 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Analysis Feedback.doc

[2010/02/06 16:17:24 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old

[2010/02/06 16:16:49 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100206-161724.backup

[2010/02/06 15:39:47 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100206-161649.backup

[2010/02/06 14:48:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/02/06 14:44:02 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/06 14:42:13 | 000,064,368 | ---- | M] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/02/06 11:48:12 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/02/06 10:15:54 | 091,338,304 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Patterson\My Documents\Ad-AwareInstallation.exe

[2010/02/06 10:13:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/06 10:13:21 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patterson\My Documents\mbam-setup.exe

[2010/02/04 21:46:07 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Recipe Cost Calculator.xls

[2010/02/04 21:45:51 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Recipe Price Calculator.xls

[2010/01/31 12:21:15 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Copy of Master_Price_List_08_09.xls

[2010/01/29 21:44:32 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk

[2010/01/29 21:43:16 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk

[2010/01/29 21:38:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

[2010/01/29 21:38:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

[2010/01/29 20:49:01 | 000,377,755 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100206-153947.backup

[2010/01/28 21:45:06 | 000,377,755 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100129-204901.backup

[2010/01/28 21:31:39 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Patterson\My Documents\ccsetup228.exe

[2010/01/28 21:29:55 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Patterson\My Documents\spybotsd162.exe

[2010/01/24 22:51:18 | 004,140,718 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\ansley.psd

[2010/01/24 09:18:05 | 001,401,245 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\face.psd

[2010/01/23 21:46:08 | 004,585,165 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\a.psd

[2010/01/21 20:27:18 | 000,467,990 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\ant.psd

[2010/01/21 19:08:44 | 016,460,301 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\frog.psd

[2010/01/20 23:04:54 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Q17 Year 11.doc

[2010/01/20 07:25:19 | 000,000,188 | ---- | M] () -- C:\WINDOWS\x

[2010/01/20 07:24:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\AccConnAdvanced.html

[2010/01/18 21:16:27 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml

[2010/01/18 21:16:27 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml

[2010/01/17 21:03:55 | 000,000,029 | ---- | M] () -- C:\WINDOWS\DEBUGSM.INI

[2010/01/17 20:55:42 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Smart Panel.lnk

[2010/01/16 23:05:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/11 07:31:17 | 000,005,068 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\gmer.zip

[2010/02/07 21:42:35 | 000,004,777 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\My Documents.zip

[2010/02/07 18:29:31 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Y13 reports Jan 2010.doc

[2010/02/07 16:53:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Patterson\Desktop\zphenfq9.exe

[2010/02/07 16:10:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patterson\defogger_reenable

[2010/02/07 15:05:13 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Patterson\My Documents\~$ Project Feedback.doc

[2010/02/07 11:10:07 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/02/07 11:10:06 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010/02/07 11:10:05 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010/02/07 11:10:04 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010/02/07 11:10:03 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010/02/07 11:06:28 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/02/07 11:04:32 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/02/07 11:04:31 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/02/06 17:47:34 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Analysis Feedback.doc

[2010/02/06 16:19:09 | 1072,746,496 | -HS- | C] () -- C:\hiberfil.sys

[2010/02/06 13:32:30 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\AS Project Feedback.doc

[2010/02/06 10:13:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/04 21:46:07 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Recipe Cost Calculator.xls

[2010/02/04 20:35:22 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Recipe Price Calculator.xls

[2010/02/01 19:39:08 | 000,338,944 | ---- | C] () -- C:\Documents and Settings\Patterson\Desktop\Classes 09-10.xls

[2010/01/31 12:21:15 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Copy of Master_Price_List_08_09.xls

[2010/01/29 21:45:39 | 000,011,115 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF

[2010/01/29 21:44:32 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk

[2010/01/29 21:43:16 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee EasyNetwork.lnk

[2010/01/29 21:38:13 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job

[2010/01/29 21:38:11 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job

[2010/01/24 11:04:22 | 004,140,718 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\ansley.psd

[2010/01/23 21:45:58 | 001,401,245 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\face.psd

[2010/01/21 21:00:14 | 004,585,165 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\a.psd

[2010/01/21 20:27:18 | 000,467,990 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\ant.psd

[2010/01/20 23:04:53 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Q17 Year 11.doc

[2010/01/20 18:58:41 | 016,460,301 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\frog.psd

[2010/01/20 07:24:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2010/01/20 07:24:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AccConnAdvanced.html

[2010/01/20 07:24:44 | 000,000,188 | ---- | C] () -- C:\WINDOWS\x

[2010/01/20 07:23:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe

[2010/01/18 20:29:58 | 001,593,072 | ---- | C] () -- C:\WINDOWS\System32\PenTablet.znc

[2010/01/18 20:28:23 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml

[2010/01/18 20:28:23 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml

[2010/01/17 21:03:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2010/01/17 20:58:53 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll

[2010/01/17 20:58:53 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll

[2010/01/17 20:55:47 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2010/01/17 20:55:47 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin

[2010/01/17 20:55:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2010/01/17 20:55:42 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Smart Panel.lnk

[2010/01/16 23:05:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/01/07 18:35:29 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Patterson\Application Data\mainhst.zgh

[2009/12/30 15:28:13 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/29 11:54:26 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2009/12/29 11:53:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2009/12/29 11:00:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/11/30 20:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2005/07/05 23:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


extras.txt

OTL Extras logfile created on: 13/02/2010 08:39:55 - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Patterson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 555.00 Mb Available Physical Memory | 54.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 136.39 Gb Free Space | 91.51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 931.51 Gb Total Space | 660.43 Gb Free Space | 70.90% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: T30-160V3

Current User Name: Patterson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [cryptnvmcDirect] File not found
    :Files
    C:\Documents and Settings\Patterson\Local Settings\Application Data\cryptnvmcDirect
    :Commands
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

How is everything running??


After reboot, this log was presented by OTL:

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cryptnvmcDirect deleted successfully.

========== FILES ==========

C:\Documents and Settings\Patterson\Local Settings\Application Data\cryptnvmcDirect folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 386763 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Patterson

->Temp folder emptied: 585181 bytes

->Temporary Internet Files folder emptied: 23507910 bytes

->Java cache emptied: 26772161 bytes

->FireFox cache emptied: 90555149 bytes

->Google Chrome cache emptied: 66341176 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2088154 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23931658 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 4149762162 bytes

Total Files Cleaned = 4,183.00 mb

OTL by OldTimer - Version 3.1.28.0 log created on 02132010_230929

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here are the quick scan results:

OTL logfile created on: 13/02/2010 23:37:33 - Run 2

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Patterson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 567.00 Mb Available Physical Memory | 55.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 136.62 Gb Free Space | 91.66% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 931.51 Gb Total Space | 664.17 Gb Free Space | 71.30% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: T30-160V3

Current User Name: Patterson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/13 08:36:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patterson\Desktop\OTL.exe

PRC - [2009/12/30 09:32:09 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe

PRC - [2009/08/24 13:43:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2009/07/29 10:43:34 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2009/07/29 10:40:40 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2009/07/29 10:35:18 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2009/07/15 16:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe

PRC - [2009/07/15 16:13:04 | 000,393,512 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

PRC - [2009/07/15 16:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe

PRC - [2009/07/15 16:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2008/10/08 02:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/04/14 00:12:38 | 000,082,944 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe

PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007/02/06 23:33:40 | 000,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2006/10/12 21:27:40 | 000,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe

PRC - [2006/10/12 21:27:20 | 000,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe

PRC - [2006/10/02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

PRC - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

PRC - [2006/05/30 15:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

PRC - [2005/07/05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

PRC - [2004/08/06 08:27:56 | 000,860,160 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

PRC - [2004/04/01 10:52:06 | 001,368,064 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

PRC - [2003/06/27 08:53:32 | 000,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe

PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (SafeList) ==========

MOD - [2010/02/13 08:36:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patterson\Desktop\OTL.exe

MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2006/10/12 21:26:26 | 000,198,144 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll

MOD - [2005/06/10 12:30:56 | 000,002,560 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\Resources\en\RTSUltraMonHookRes.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/02/07 11:04:14 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)

SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/08/24 13:43:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2009/07/15 16:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)

SRV - [2009/07/15 16:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008/04/14 00:11:55 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)

SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007/02/06 23:33:40 | 000,364,544 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2006/06/29 21:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.62

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/08 08:37:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/27 10:53:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/16 23:05:29 | 000,000,000 | ---D | M]

[2009/12/29 10:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\Mozilla\Extensions

[2010/02/13 08:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\Mozilla\Firefox\Profiles\9f4bqtnx.default\extensions

[2010/01/25 20:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patterson\Application Data\Mozilla\Firefox\Profiles\9f4bqtnx.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/02/07 22:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/12/22 03:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/12/22 03:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/12/22 03:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/12/22 03:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/07 22:26:59 | 000,379,761 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 13093 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )

O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [ultraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKLM\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/29 00:02:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/05/18 22:48:34 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/03/08 13:36:55 | 000,000,053 | ---- | M] () - E:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/13 23:09:29 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/02/13 08:36:17 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patterson\Desktop\OTL.exe

[2010/02/07 22:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010/02/07 22:29:52 | 000,176,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Patterson\Desktop\TDSSKiller.exe

[2010/02/07 21:54:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/02/07 17:01:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/02/07 11:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/02/07 11:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/02/07 11:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2010/02/07 11:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2010/02/07 11:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Local Settings\Application Data\Temp

[2010/02/07 11:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Local Settings\Application Data\Google

[2010/02/07 11:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/02/07 11:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/02/06 14:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010/02/06 14:44:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/02/06 11:58:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2010/02/06 11:58:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2010/02/06 11:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2010/02/06 11:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2010/02/06 11:48:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2010/02/06 11:38:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010/02/06 10:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Application Data\Malwarebytes

[2010/02/06 10:13:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/06 10:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/02/06 10:13:43 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/06 10:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/06 10:13:15 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patterson\My Documents\mbam-setup.exe

[2010/02/01 16:09:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010/01/31 13:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patterson\Desktop\GooredFix Backups

[2010/01/29 22:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2010/01/23 03:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet

[2009/12/29 09:53:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/29 00:06:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/29 00:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/13 23:39:24 | 000,000,424 | ---- | M] () -- C:\WINDOWS\zipgenius.xml

[2010/02/13 23:13:34 | 000,011,115 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2010/02/13 23:13:04 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2010/02/13 23:12:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/02/13 23:12:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/02/13 23:12:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/02/13 23:11:59 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys

[2010/02/13 23:11:06 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Patterson\NTUSER.DAT

[2010/02/13 23:11:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Patterson\ntuser.ini

[2010/02/13 23:09:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/02/13 23:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010/02/13 11:18:20 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/13 11:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010/02/13 08:36:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patterson\Desktop\OTL.exe

[2010/02/13 05:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010/02/12 20:10:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/02/12 20:08:52 | 007,432,956 | -H-- | M] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\IconCache.db

[2010/02/12 17:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010/02/12 07:22:04 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\Patterson\Application Data\mainhst.zgh

[2010/02/11 23:12:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/02/11 07:31:17 | 000,005,068 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\gmer.zip

[2010/02/10 21:14:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/02/09 08:21:03 | 001,090,268 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\bookfile.jar

[2010/02/09 08:21:03 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\bookfile.jad

[2010/02/08 08:15:52 | 000,338,944 | ---- | M] () -- C:\Documents and Settings\Patterson\Desktop\Classes 09-10.xls

[2010/02/08 08:15:35 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Y13 reports Jan 2010.doc

[2010/02/07 22:26:59 | 000,379,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/02/07 20:03:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/02/07 17:55:00 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/02/07 17:55:00 | 000,433,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/02/07 17:55:00 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/02/07 17:39:29 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\AS Project Feedback.doc

[2010/02/07 16:53:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Patterson\Desktop\zphenfq9.exe

[2010/02/07 16:10:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patterson\defogger_reenable

[2010/02/06 17:47:34 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Analysis Feedback.doc

[2010/02/06 16:17:24 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old

[2010/02/06 16:16:49 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100206-161724.backup

[2010/02/06 15:39:47 | 000,378,487 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100206-161649.backup

[2010/02/06 14:48:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/02/06 14:44:02 | 000,244,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/06 14:42:13 | 000,064,368 | ---- | M] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/02/06 11:48:12 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/02/06 10:13:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/06 10:13:21 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patterson\My Documents\mbam-setup.exe

[2010/02/04 21:46:07 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Recipe Cost Calculator.xls

[2010/02/04 21:45:51 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Recipe Price Calculator.xls

[2010/01/31 12:21:15 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Patterson\My Documents\Copy of Master_Price_List_08_09.xls

========== Files Created - No Company Name ==========

[2010/02/11 07:31:17 | 000,005,068 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\gmer.zip

[2010/02/07 18:29:31 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Y13 reports Jan 2010.doc

[2010/02/07 16:53:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Patterson\Desktop\zphenfq9.exe

[2010/02/07 16:10:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patterson\defogger_reenable

[2010/02/07 11:10:07 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/02/07 11:10:06 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010/02/07 11:10:05 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010/02/07 11:10:04 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010/02/07 11:10:03 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010/02/07 11:06:28 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/02/07 11:04:32 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/02/07 11:04:31 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/02/06 17:47:34 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Analysis Feedback.doc

[2010/02/06 16:19:09 | 1072,746,496 | -HS- | C] () -- C:\hiberfil.sys

[2010/02/06 13:32:30 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\AS Project Feedback.doc

[2010/02/06 10:13:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/04 21:46:07 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Recipe Cost Calculator.xls

[2010/02/04 20:35:22 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Recipe Price Calculator.xls

[2010/02/01 19:39:08 | 000,338,944 | ---- | C] () -- C:\Documents and Settings\Patterson\Desktop\Classes 09-10.xls

[2010/01/31 12:21:15 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Patterson\My Documents\Copy of Master_Price_List_08_09.xls

[2010/01/20 07:24:56 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2010/01/17 21:03:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2010/01/17 20:58:53 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll

[2010/01/17 20:58:53 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll

[2010/01/17 20:55:47 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2010/01/17 20:55:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2010/01/07 18:35:29 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Patterson\Application Data\mainhst.zgh

[2009/12/30 15:28:13 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Patterson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/29 11:54:26 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2009/12/29 11:53:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2009/12/29 11:00:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/11/30 20:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2005/07/05 23:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/27 18:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\Amazon

[2010/01/20 07:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\Avaya

[2010/01/04 11:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\deskUNPDF

[2010/01/17 21:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\EPSON

[2010/02/13 23:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\uTorrent

[2010/01/18 20:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\WTouch

[2010/01/07 18:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patterson\Application Data\ZipGenius

[2010/02/13 11:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job

[2010/02/12 17:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job

[2010/02/13 23:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job

[2010/02/13 05:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

[2010/02/07 20:03:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010/01/29 21:38:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

[2010/01/29 21:38:11 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

[2010/02/13 23:13:04 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >


Thanks, all is well. I've posted the log below and it seems fine; no redirection when I browse.

Malwarebytes' Anti-Malware 1.44

Database version: 3697

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

15/02/2010 15:11:47

mbam-log-2010-02-15 (15-11-47).txt

Scan type: Quick Scan

Objects scanned: 119788

Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Open OTL and click on the Cleanup button.

Now that your system is clean, you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".

2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
