
WinPatrol repeatedly reports attempt to change HOSTS


TD5


For the last day or so, I have been getting a report from WinPatrol ("Scotty had detected a change", etc.) which presents the option to accept or reject the change. I always reject the change. I have run Kaspersky and Malwarebytes Anti-Malware and have come up with nothing. I could use some help. Thank you.

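The WinPatrol alert in the post above concerns the HOSTS file, which the thread never inspects directly. As an added example (not code from the thread, from WinPatrol or from OTL), the Python below parses a HOSTS file, flags the two patterns a responder looks for first (names pointed at a routable address, and security vendor hosts sinkholed to loopback), and fingerprints the active entries so a later change can be confirmed; the sample file content and the vendor keyword list are constructed for illustration.

```python
"""Audit a Windows HOSTS file for entries worth a second look.

Added example for this thread, not WinPatrol's or OTL's own code. The
sample HOSTS content and the vendor keyword list are constructed; adjust
the keywords to the products actually installed on the machine.
"""
import hashlib
import ipaddress

# Constructed sample of a HOSTS file (on Windows the real one lives at
# %SystemRoot%\System32\drivers\etc\hosts).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.test          # ad-blocking entry, benign
0.0.0.0         tracker.example.test      # ad-blocking entry, benign
192.0.2.10      www.bank.example          # routable address: possible pharming
127.0.0.1       update.kaspersky.example  # vendor update host blackholed
not-an-ip       broken.example
"""

# Substrings of hostnames that malware commonly sinkholes to keep
# security software from updating. Constructed list; extend as needed.
SECURITY_KEYWORDS = ("kaspersky", "malwarebytes", "windowsupdate",
                     "microsoft", "avast", "symantec", "mcafee",
                     "sophos", "trendmicro")


def parse_hosts(text):
    """Return (line_no, address, [hostnames]) for each active line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        address, *hostnames = line.split()
        entries.append((line_no, address, hostnames))
    return entries


def audit_hosts(text):
    """Classify each entry; returns a list of (line_no, reason, name)."""
    findings = []
    for line_no, address, hostnames in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address))
            continue
        # Loopback (127.x, ::1) and 0.0.0.0 entries only block a name;
        # anything else sends that name's traffic to a real host.
        sinkholed = ip.is_loopback or ip.is_unspecified
        for host in hostnames:
            if host.lower() == "localhost":
                continue  # the standard entries shipped with Windows
            if not sinkholed:
                findings.append((line_no, "routable-redirect", host))
            elif any(k in host.lower() for k in SECURITY_KEYWORDS):
                findings.append((line_no, "security-host-blocked", host))
    return findings


def fingerprint(text):
    """SHA-256 over the active entries only, in canonical order, so that
    comment or whitespace edits do not trip the baseline comparison."""
    rows = sorted(f"{addr} {' '.join(sorted(hosts))}"
                  for _, addr, hosts in parse_hosts(text))
    return hashlib.sha256("\n".join(rows).encode()).hexdigest()


def changed_since(baseline_fp, text):
    """True when the active entries differ from a recorded baseline."""
    return fingerprint(text) != baseline_fp


if __name__ == "__main__":
    for line_no, reason, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {reason}: {name}")
    print("baseline:", fingerprint(SAMPLE_HOSTS))
```

Record the fingerprint of a known-good HOSTS file once; when WinPatrol next reports a change, re-run the audit and compare the fingerprint to see whether the active entries actually moved.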

Please disregard, I just noticed I'm in the wrong forum.


Hi TD5,


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


As Requested

OTL Extras logfile created on: 10/3/2010 5:51:59 AM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\T Duprex\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 136.85 Gb Total Space | 109.22 Gb Free Space | 79.81% Space Free | Partition Type: NTFS

Drive D: | 11.65 Gb Total Space | 11.59 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 24.41 Gb Total Space | 21.76 Gb Free Space | 89.12% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

Drive I: | 251.47 Mb Total Space | 123.11 Mb Free Space | 48.96% Space Free | Partition Type: FAT

Computer Name: ACER_PENT

Current User Name: T Duprex

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "G:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "G:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [spaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"9999:UDP" = 9999:UDP:*:Enabled:AdminWorks UDP Port

"2804:TCP" = 2804:TCP:*:Enabled:AdminWorks TCP Port

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime

"{05E11ACD-08F9-4A49-8FF8-697144DDC3DE}" = Bonjour

"{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management

"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 20

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4771B74C-003B-4E7B-A4A0-ABB7CA342C70}" = Acer LANScope Agent

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management

"{4F8D3FF1-1A21-4425-8518-4FC135FE8A92}" = Picture Window 4.0

"{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate

"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis


I was running GMER as requested. It was up to Windows/system32. I turned off my modem and the program stopped and my window was frozen. I assume that my turning off the modem caused the program to lock up. GMER was running almost 6 hours uneventfully. I have to leave town for several days in a while, so I will run GMER when I return and report to you. Is there a possibility the log file at this point is readable? Do you know the location?


No worries about the Gmer log right now. We will come back to it.

Do these folders look familiar to you:

C:\Documents and Settings\All Users\Documents\12345

C:\Documents and Settings\All Users\Documents\12345bw

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\AutoRun\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found
    O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\Flip Video for PC\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found
    O33 - MountPoints2\{f4c29402-d697-11dd-ae94-0019214df2c4}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


No worries about the Gmer log right now. We will come back to it.

Do these folders look familiar to you:

C:\Documents and Settings\All Users\Documents\12345

C:\Documents and Settings\All Users\Documents\12345bw

------------------------------------------------------------------------------------

Yes, they are folders I created.


-------------------------------------------------------------------------------------------------------------------------------

SpySentinel:

I have returned. I ran OTL with the information you requested be pasted in.

The following information was displayed after rebooting.

All processes killed

Error: Unable to interpret <OTL> in the current context!

Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found> in the current context!

Error: Unable to interpret <O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0> in the current context!

Error: Unable to interpret <O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!

Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36> in the current context!

Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]> in the current context!

Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\AutoRun\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\Flip Video for PC\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found> in the current context!

Error: Unable to interpret <O33 - MountPoints2\{f4c29402-d697-11dd-ae94-0019214df2c4}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found> in the current context!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33421 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: T Duprex

->Temp folder emptied: 3314336 bytes

->Temporary Internet Files folder emptied: 129030182 bytes

->Java cache emptied: 92557 bytes

->FireFox cache emptied: 93066452 bytes

->Flash cache emptied: 25272 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 93722544 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 7998284 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 49243791 bytes

Total Files Cleaned = 359.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 10122010_185433

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


SpySentinel: I'm back and have performed your latest request. See subsequent post.


Hi TD5, I will be helping you; SpySentinel will be away for a while.

Can you please open OTL once more, click on Run Scan at the top, post the new log it creates here, and let me know of any remaining issues.

Kahdah: Thanks for jumping in.

The only thing to report is that SpySentinel previously had asked about two files: 12345 and 12345bw. Both files were working files I created and forgot about. I deleted them both.

Here is the OTL Log:

OTL logfile created on: 10/15/2010 5:39:56 PM - Run 2

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\T Duprex\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 136.85 Gb Total Space | 109.26 Gb Free Space | 79.84% Space Free | Partition Type: NTFS

Drive D: | 11.65 Gb Total Space | 11.59 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 24.41 Gb Total Space | 21.80 Gb Free Space | 89.30% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

Drive I: | 251.47 Mb Total Space | 120.16 Mb Free Space | 47.78% Space Free | Partition Type: FAT

Computer Name: ACER_PENT

Current User Name: T Duprex

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\T Duprex\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)

PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eLock\LockServ.exe ()

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)

PRC - C:\Acer\LANScope Agent\awServ.exe (OSA Technologies Inc., An Avocent Company)

PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)

PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)

PRC - G:\Program Files\Winkey\WinKey.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\T Duprex\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)

MOD - C:\WINDOWS\system32\nview.dll ()

MOD - C:\WINDOWS\system32\nvwimg.dll ()

MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe File not found

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)

SRV - (AdobeActiveFileMonitor5.0) -- g:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()

SRV - (LockServ) -- C:\Acer\Empowering Technology\eLock\LockServ.exe ()

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)

SRV - (AWService) -- C:\Acer\LANScope Agent\awServ.exe (OSA Technologies Inc., An Avocent Company)

SRV - (Acer ODDSpeedControl) -- C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe (TODO: <????>)

SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)

========== Driver Services (SafeList) ==========

DRV - (rrSpy) -- C:\WINDOWS\System32\drivers\rrSpy.sys File not found

DRV - (catchme) -- C:\DOCUME~1\TDUPRE~1\LOCALS~1\Temp\catchme.sys File not found

DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)

DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)

DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)

DRV - (scsiscan) -- C:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (DefragFS) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.)

DRV - (tvicport) -- C:\WINDOWS\system32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys ()

DRV - (zntport) -- C:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (eLock2FSCTLDriver) -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys (Windows ® 2000 DDK provider)

DRV - (eLock2BurnerLockDriver) -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)

DRV - (psdfilter) -- C:\WINDOWS\system32\drivers\psdfilter.sys (HiTRUST)

DRV - (psdvdisk) -- C:\WINDOWS\system32\drivers\psdvdisk.sys (HiTRUST)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)

DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)

DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)

DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()

DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)

DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (ICDUSB2) Sony IC Recorder (P) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys (Sony Corporation)

DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3

FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 20:40:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 20:40:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/10/02 15:02:00 | 000,000,000 | ---D | M]

[2008/09/05 00:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Extensions

[2010/10/13 19:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions

[2010/08/28 21:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010/04/27 07:04:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/17 21:48:30 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}

[2010/10/12 21:17:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/06/18 06:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2010/05/31 09:30:50 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/06/27 10:21:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/02/22 02:04:40 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}

[2009/09/08 22:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\support@lastpass(2).com

[2010/10/13 19:31:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/26 19:50:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/26 20:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/03/27 21:59:43 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2009/09/03 19:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll

[2009/09/03 19:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2010/10/02 05:43:12 | 004,416,855 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 fr.a2dfp.net

O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1 asy.a8ww.net

O1 - Hosts: 127.0.0.1 adserver.abv.bg

O1 - Hosts: 127.0.0.1 adv.abv.bg

O1 - Hosts: 127.0.0.1 bimg.abv.bg

O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1 accuserveadsystem.com

O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1 secure.aconti.net

O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1 ads.active.com

O1 - Hosts: 127.0.0.1 am1.activemeter.com

O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ads.activepower.net

O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]

O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ad2games.com

O1 - Hosts: 127.0.0.1 cms.ad2click.nl

O1 - Hosts: 127.0.0.1 ads.ad2games.com

O1 - Hosts: 127.0.0.1 content.ad20.net

O1 - Hosts: 127.0.0.1 core.ad20.net

O1 - Hosts: 127.0.0.1 as.ad611.com

O1 - Hosts: 137800 more lines...

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/05/16 08:04:00 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/c...ls/pctuneup.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1222599322578 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.132.4 66.189.132.20 24.217.0.55

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - C:\WINDOWS\System32\GTGina.dll (Gemtek)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/04/26 09:39:58 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:44 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:46 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT ]

O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\AutoRun\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found

O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\Flip Video for PC\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found

O33 - MountPoints2\{f4c29402-d697-11dd-ae94-0019214df2c4}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found

O34 - HKLM BootExecute: (autocheck pdboot.exe) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 03:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\MALWARE DOWNLOADS

[2010/10/14 13:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2010/10/13 06:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\HOUSE crao

[2010/10/12 18:54:33 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/03 06:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Gmer

[2010/10/03 06:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Malware Assist

[2010/10/03 05:23:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe

[2010/10/02 22:44:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010/10/02 05:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups

[2010/09/26 07:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\LaQuinta

[2010/09/19 21:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adds Its classified

[2006/12/07 11:37:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/10/15 16:58:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/10/15 16:58:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/15 16:58:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/10/15 16:58:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/10/15 16:58:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/15 16:58:29 | 2145,894,400 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/15 11:17:50 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\T Duprex\ntuser.dat

[2010/10/15 11:17:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\T Duprex\ntuser.ini

[2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw

[2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw

[2010/10/15 07:50:54 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 04-22-10.apw

[2010/10/14 13:04:23 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Brownie.ini

[2010/10/14 05:01:18 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/14 04:55:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/10/14 03:08:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/13 22:37:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/13 11:32:04 | 002,605,056 | ---- | M] () -- C:\WINDOWS\outlook.pst

[2010/10/13 10:16:32 | 000,000,920 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/10/13 06:52:42 | 000,007,804 | ---- | M] () -- C:\WINDOWS\extend.dat

[2010/10/13 06:51:50 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk

[2010/10/03 06:17:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\gmer.zip

[2010/10/03 05:23:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe

[2010/10/02 22:43:45 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Flash_Disinfector.exe

[2010/10/02 12:06:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/02 05:43:12 | 004,416,855 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2010/10/02 05:43:12 | 004,416,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak

[2010/10/01 10:20:10 | 000,019,252 | ---- | M] () -- C:\WINDOWS\OutlPrnt

[2010/09/24 03:55:06 | 000,023,474 | ---- | M] () -- C:\WINDOWS\fixed pst.FAV

[2010/09/24 03:18:09 | 000,032,768 | ---- | M] () -- C:\WINDOWS\mailbox.PAB

[2010/09/24 03:12:48 | 000,005,850 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2010/09/19 20:59:26 | 128,771,551 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3

[2010/09/19 20:59:26 | 128,771,551 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mary 9-16-10.mp3

[2010/09/19 20:32:29 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls

[2010/09/19 19:37:24 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2010/09/19 01:27:08 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll

[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll

[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll

[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll

[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll

[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/09/15 22:49:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\T Duprex\Application Data\AVSDVDPlayer.m3u

========== Files Created - No Company Name ==========

[2010/10/15 07:52:11 | 000,009,574 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw

[2010/10/15 07:51:37 | 000,009,574 | ---- | C] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw

[2010/10/14 17:29:57 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/10/13 06:51:50 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk

[2010/10/03 06:17:32 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\gmer.zip

[2010/10/02 22:43:44 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Flash_Disinfector.exe

[2010/10/02 12:06:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/09/29 18:18:10 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\T Duprex\ntuser.dat

[2010/09/24 03:55:06 | 000,023,474 | ---- | C] () -- C:\WINDOWS\fixed pst.FAV

[2010/09/19 21:05:54 | 128,771,551 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mary 9-16-10.mp3

[2010/09/19 20:47:23 | 128,771,551 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3

[2010/09/19 20:44:09 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls

[2010/09/17 01:16:42 | 1150,237,070 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Latest Sam Lesson.wav

[2010/04/15 19:55:27 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\ir41_32O.dll

[2009/10/18 12:52:46 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009/09/21 08:02:53 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll

[2009/08/15 14:07:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/31 20:47:14 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/07/15 21:43:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\AVSDVDPlayer.m3u

[2009/07/15 21:40:51 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/07/15 21:40:51 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/01/11 10:07:54 | 000,000,253 | ---- | C] () -- C:\WINDOWS\NGMAD70.INI

[2008/09/16 08:36:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2008/09/16 08:32:42 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2008/09/16 08:32:42 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini

[2008/09/16 08:32:42 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini

[2008/09/16 08:32:42 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2008/09/16 08:31:12 | 000,000,268 | ---- | C] () -- C:\WINDOWS\EPSON 2450 Installer.ini

[2008/08/18 06:40:30 | 000,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI

[2008/08/05 17:00:17 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini

[2007/10/04 05:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/09/26 05:55:02 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/09/26 05:55:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini

[2007/08/06 19:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI

[2007/08/06 19:24:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll

[2007/08/06 19:24:53 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll

[2007/08/06 19:24:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll

[2007/03/20 22:17:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2007/02/10 17:13:19 | 000,000,216 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2007/02/10 17:13:19 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2007/02/10 17:13:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI

[2007/02/10 17:13:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL

[2007/02/10 17:13:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL

[2007/02/10 17:13:12 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL

[2007/02/10 17:13:11 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI

[2007/02/10 17:12:57 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2007/02/10 17:12:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll

[2007/01/05 17:45:28 | 000,010,242 | ---- | C] () -- C:\WINDOWS\MSUMLT_C.ini

[2007/01/01 03:38:51 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp_bmp.bmp

[2007/01/01 01:42:24 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MICRX.TNI

[2007/01/01 01:42:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_datax

[2007/01/01 01:42:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\datax

[2006/12/27 02:14:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/12/25 00:34:36 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dedea9_g.dll

[2006/12/24 18:08:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI

[2006/12/23 01:09:05 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/12/22 14:38:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2006/12/22 14:38:35 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2006/12/07 11:43:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll

[2006/12/07 11:41:03 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\fusioncache.dat

[2006/12/07 11:40:57 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini

[2006/12/07 11:40:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys

[2006/12/07 11:40:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys

[2006/12/07 11:37:21 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll

[2006/07/19 22:11:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/19 22:08:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll

[2006/06/22 19:25:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll

[2006/06/22 19:02:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2006/06/21 18:11:38 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

[2006/04/27 20:47:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/04/27 20:47:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/04/27 20:47:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/04/27 20:47:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/04/27 20:47:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/04/27 20:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/04/27 20:47:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/04/12 18:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll

[2006/03/08 21:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll

[2006/03/08 21:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll

[2005/11/10 15:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys

[2005/10/30 22:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2005/10/25 19:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2005/06/27 19:12:58 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys

[2004/08/04 01:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2002/07/08 22:44:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [resethosts]


  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

================================Follow up scan=================================

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

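The [resethosts] fix above replaces the whole HOSTS file with the Windows default, which is the right call for a 4.4 MB file that nobody can review by eye. Before resetting, a defender usually wants to know what was in it: how much is plain ad-blocking (loopback entries like the HostsMan list in the log), whether any entry cuts the machine off from update or security vendors, and whether any name is redirected to a real Internet address, the hijack pattern a HOSTS monitor like WinPatrol exists to catch. The Python script below is an added example, not part of the thread, of OTL or of WinPatrol; it parses a HOSTS file into those buckets. The sample content, the `.test` hostnames and the PROTECTED_SUFFIXES list are constructed for the example (update.microsoft.com is taken from the log, the other suffixes are illustrative), and on a real machine you would read C:\WINDOWS\System32\drivers\etc\HOSTS instead of the embedded string.

```python
import ipaddress
from collections import Counter

# Constructed sample HOSTS content, not the thread's real 4.4 MB file: the XP
# default line, two ad-block entries like those in the OTL log, and three
# entries of the kinds a reviewer wants flagged (hypothetical names).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
0.0.0.0 ads.example-adnet.test
127.0.0.1 update.microsoft.com
203.0.113.7 www.example-bank.test
not-an-ip some.host.test
"""

# Names that legitimately belong on loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Suffixes of update/security vendors whose loopback entry means the machine
# has been cut off from updates or scanners. update.microsoft.com appears in
# the thread's log; the rest are illustrative, extend for your own tooling.
PROTECTED_SUFFIXES = ("update.microsoft.com", "windowsupdate.com", "kaspersky.com")


def parse_hosts(text):
    """Return a list of (ip, hostname, comment) tuples, one per hostname.

    A HOSTS line is '<ip> <name> [<name>...] [# comment]'; blank lines and
    pure comment lines are skipped, and names are lower-cased for matching.
    """
    entries = []
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            entries.append((parts[0], name.lower(), comment.strip()))
    return entries


def _is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify_hosts(text):
    """Bucket every mapping so the interesting ones can be reviewed first.

    default   - loopback -> localhost (what a reset HOSTS file contains)
    sinkhole  - loopback/0.0.0.0 -> anything else (blocklist style)
    cut_off   - sinkhole entry for an update/security vendor name
    redirect  - any other IP: the name resolves somewhere the user did not
                choose, the classic HOSTS hijack pattern
    malformed - first token is not an IP address
    """
    buckets = {k: [] for k in ("default", "sinkhole", "cut_off", "redirect", "malformed")}
    for ip, name, _comment in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            buckets["malformed"].append((ip, name))
            continue
        if addr.is_loopback or addr.is_unspecified:
            if name in LOCAL_NAMES:
                buckets["default"].append((ip, name))
            elif _is_protected(name):
                buckets["cut_off"].append((ip, name))
            else:
                buckets["sinkhole"].append((ip, name))
        else:
            buckets["redirect"].append((ip, name))
    return buckets


def summarize(text):
    """Counts per bucket plus the entries that deserve a human look."""
    b = classify_hosts(text)
    counts = Counter({k: len(v) for k, v in b.items()})
    return {
        "counts": dict(counts),
        "needs_review": b["cut_off"] + b["redirect"] + b["malformed"],
        # A file that is nothing but 'default' is what [resethosts] leaves behind.
        "is_pristine": counts["default"] > 0 and sum(counts.values()) == counts["default"],
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_HOSTS)
    print(result["counts"])
    for ip, name in result["needs_review"]:
        print(f"REVIEW  {ip:<16} {name}")
```

Feed it a real file with `summarize(open(path).read())`. A pristine file returns `is_pristine` True and an empty `needs_review` list, which also makes a quick post-fix check after the OTL reset; thousands of `sinkhole` entries with nothing in `cut_off` or `redirect` is the HostsMan-style blocklist profile and not by itself a sign of compromise.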

As requested:

First OTL result:

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10152010_213657

Followup Scan Result:

OTL logfile created on: 10/15/2010 9:45:01 PM - Run 3

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\T Duprex\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 136.85 Gb Total Space | 109.21 Gb Free Space | 79.80% Space Free | Partition Type: NTFS

Drive D: | 11.65 Gb Total Space | 11.59 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 24.41 Gb Total Space | 21.80 Gb Free Space | 89.30% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

Drive I: | 251.47 Mb Total Space | 120.16 Mb Free Space | 47.78% Space Free | Partition Type: FAT

Computer Name: ACER_PENT

Current User Name: T Duprex

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\T Duprex\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)

PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eLock\LockServ.exe ()

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)

PRC - C:\Acer\LANScope Agent\awServ.exe (OSA Technologies Inc., An Avocent Company)

PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)

PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)

PRC - C:\Program Files\Brownie\BRNIPMON.exe (Brother Industries, Ltd.)

PRC - C:\Program Files\Brownie\BrStsWnd.exe (brother)

PRC - G:\Program Files\Winkey\WinKey.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\T Duprex\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)

MOD - C:\WINDOWS\system32\nview.dll ()

MOD - C:\WINDOWS\system32\nvwimg.dll ()

MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe File not found

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)

SRV - (AdobeActiveFileMonitor5.0) -- g:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()

SRV - (LockServ) -- C:\Acer\Empowering Technology\eLock\LockServ.exe ()

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)

SRV - (AWService) -- C:\Acer\LANScope Agent\awServ.exe (OSA Technologies Inc., An Avocent Company)

SRV - (Acer ODDSpeedControl) -- C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe (TODO: <????>)

SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)

========== Driver Services (SafeList) ==========

DRV - (rrSpy) -- C:\WINDOWS\System32\drivers\rrSpy.sys File not found

DRV - (catchme) -- C:\DOCUME~1\TDUPRE~1\LOCALS~1\Temp\catchme.sys File not found

DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)

DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)

DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)

DRV - (scsiscan) -- C:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (DefragFS) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.)

DRV - (tvicport) -- C:\WINDOWS\system32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys ()

DRV - (zntport) -- C:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (eLock2FSCTLDriver) -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys (Windows ® 2000 DDK provider)

DRV - (eLock2BurnerLockDriver) -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)

DRV - (psdfilter) -- C:\WINDOWS\system32\drivers\psdfilter.sys (HiTRUST)

DRV - (psdvdisk) -- C:\WINDOWS\system32\drivers\psdvdisk.sys (HiTRUST)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)

DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)

DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)

DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()

DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)

DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (ICDUSB2) Sony IC Recorder (P) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys (Sony Corporation)

DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3

FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:57:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2010/02/07 10:24:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/04 17:12:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 20:40:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 20:40:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/10/02 15:02:00 | 000,000,000 | ---D | M]

[2008/09/05 00:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Extensions

[2008/09/05 00:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/15 20:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions

[2010/08/28 21:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010/04/27 07:04:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/17 21:48:30 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}

[2010/10/12 21:17:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/06/18 06:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2010/05/31 09:30:50 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/06/27 10:21:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/02/22 02:04:40 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}

[2009/09/08 22:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\support@lastpass(2).com

[2010/10/15 20:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/16 20:40:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/04/26 19:50:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/26 20:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010/09/16 20:40:41 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/16 20:40:41 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/03/27 21:59:43 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2010/09/16 20:40:43 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/02/07 10:24:02 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/02/07 10:24:13 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2010/02/07 10:23:52 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/09/03 19:58:32 | 008,443,120 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll

[2010/03/29 08:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2009/09/03 19:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll

[2009/09/03 19:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

[2010/03/12 09:03:12 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/03/12 09:03:12 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/03/12 09:03:12 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/03/12 09:03:12 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/03/12 09:03:12 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/03/12 09:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/03/12 09:03:12 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/10/02 05:43:12 | 004,416,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 fr.a2dfp.net

O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1 asy.a8ww.net

O1 - Hosts: 127.0.0.1 adserver.abv.bg

O1 - Hosts: 127.0.0.1 adv.abv.bg

O1 - Hosts: 127.0.0.1 bimg.abv.bg

O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1 accuserveadsystem.com

O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1 secure.aconti.net

O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1 ads.active.com

O1 - Hosts: 127.0.0.1 am1.activemeter.com

O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ads.activepower.net

O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]

O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ad2games.com

O1 - Hosts: 127.0.0.1 cms.ad2click.nl

O1 - Hosts: 127.0.0.1 ads.ad2games.com

O1 - Hosts: 127.0.0.1 content.ad20.net

O1 - Hosts: 127.0.0.1 core.ad20.net

O1 - Hosts: 127.0.0.1 as.ad611.com

O1 - Hosts: 137800 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/05/16 08:04:00 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/c...ls/pctuneup.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1222599322578 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.132.4 66.189.132.20 24.217.0.55

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - C:\WINDOWS\System32\GTGina.dll (Gemtek)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/04/26 09:39:58 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:44 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:46 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT ]

O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\AutoRun\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found

O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\Flip Video for PC\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found

O33 - MountPoints2\{f4c29402-d697-11dd-ae94-0019214df2c4}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found

O34 - HKLM BootExecute: (autocheck pdboot.exe) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 03:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\MALWARE DOWNLOADS

[2010/10/14 13:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2010/10/13 06:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\HOUSE crao

[2010/10/12 18:54:33 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/03 06:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Gmer

[2010/10/03 06:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Malware Assist

[2010/10/03 05:23:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe

[2010/10/02 22:44:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010/10/02 05:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups

[2010/09/26 07:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\LaQuinta

[2010/09/19 21:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adds Its classified

[2006/12/07 11:37:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/10/15 21:42:40 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\T Duprex\ntuser.dat

[2010/10/15 21:26:15 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Brownie.ini

[2010/10/15 21:13:04 | 003,586,976 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Title 5 Inspection174 Wayside.pdf

[2010/10/15 21:04:13 | 000,206,294 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Executed P&S-174 Wayside.pdf

[2010/10/15 16:58:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/10/15 16:58:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/15 16:58:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/10/15 16:58:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/10/15 16:58:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/15 16:58:29 | 2145,894,400 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/15 11:17:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\T Duprex\ntuser.ini

[2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw

[2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw

[2010/10/15 07:50:54 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 04-22-10.apw

[2010/10/14 05:01:18 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/14 04:55:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/10/14 03:08:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/13 22:37:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/13 11:32:04 | 002,605,056 | ---- | M] () -- C:\WINDOWS\outlook.pst

[2010/10/13 10:16:32 | 000,000,920 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/10/13 06:52:42 | 000,007,804 | ---- | M] () -- C:\WINDOWS\extend.dat

[2010/10/13 06:51:50 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk

[2010/10/03 06:17:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\gmer.zip

[2010/10/03 05:23:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe

[2010/10/02 22:43:45 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Flash_Disinfector.exe

[2010/10/02 12:06:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/02 05:43:12 | 004,416,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak

[2010/10/02 05:43:12 | 004,416,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2010/10/01 10:20:10 | 000,019,252 | ---- | M] () -- C:\WINDOWS\OutlPrnt

[2010/09/24 03:55:06 | 000,023,474 | ---- | M] () -- C:\WINDOWS\fixed pst.FAV

[2010/09/24 03:18:09 | 000,032,768 | ---- | M] () -- C:\WINDOWS\mailbox.PAB

[2010/09/24 03:12:48 | 000,005,850 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2010/09/19 20:59:26 | 128,771,551 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3

[2010/09/19 20:59:26 | 128,771,551 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mary 9-16-10.mp3

[2010/09/19 20:32:29 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls

[2010/09/19 19:37:24 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2010/09/19 01:27:08 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll

[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll

[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll

[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll

[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll

[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/09/15 22:49:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\T Duprex\Application Data\AVSDVDPlayer.m3u

========== Files Created - No Company Name ==========

[2010/10/15 21:13:03 | 003,586,976 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Title 5 Inspection174 Wayside.pdf

[2010/10/15 21:04:12 | 000,206,294 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Executed P&S-174 Wayside.pdf

[2010/10/15 07:52:11 | 000,009,574 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw

[2010/10/15 07:51:37 | 000,009,574 | ---- | C] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw

[2010/10/14 17:29:57 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/10/13 06:51:50 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk

[2010/10/03 06:17:32 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\gmer.zip

[2010/10/02 22:43:44 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Flash_Disinfector.exe

[2010/10/02 12:06:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/09/29 18:18:10 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\T Duprex\ntuser.dat

[2010/09/24 03:55:06 | 000,023,474 | ---- | C] () -- C:\WINDOWS\fixed pst.FAV

[2010/09/19 21:05:54 | 128,771,551 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mary 9-16-10.mp3

[2010/09/19 20:47:23 | 128,771,551 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3

[2010/09/19 20:44:09 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls

[2010/09/17 01:16:42 | 1150,237,070 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Latest Sam Lesson.wav

[2010/04/15 19:55:27 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\ir41_32O.dll

[2009/10/18 12:52:46 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009/09/21 08:02:53 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll

[2009/08/15 14:07:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/31 20:47:14 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/07/15 21:43:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\AVSDVDPlayer.m3u

[2009/07/15 21:40:51 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/07/15 21:40:51 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/01/11 10:07:54 | 000,000,253 | ---- | C] () -- C:\WINDOWS\NGMAD70.INI

[2008/09/16 08:36:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2008/09/16 08:32:42 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2008/09/16 08:32:42 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini

[2008/09/16 08:32:42 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini

[2008/09/16 08:32:42 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2008/09/16 08:31:12 | 000,000,268 | ---- | C] () -- C:\WINDOWS\EPSON 2450 Installer.ini

[2008/08/18 06:40:30 | 000,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI

[2008/08/05 17:00:17 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini

[2007/10/04 05:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/09/26 05:55:02 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/09/26 05:55:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini

[2007/08/06 19:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI

[2007/08/06 19:24:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll

[2007/08/06 19:24:53 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll

[2007/08/06 19:24:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll

[2007/03/20 22:17:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2007/02/10 17:13:19 | 000,000,280 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2007/02/10 17:13:19 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2007/02/10 17:13:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI

[2007/02/10 17:13:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL

[2007/02/10 17:13:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL

[2007/02/10 17:13:12 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL

[2007/02/10 17:13:11 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI

[2007/02/10 17:12:57 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2007/02/10 17:12:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll

[2007/01/05 17:45:28 | 000,010,242 | ---- | C] () -- C:\WINDOWS\MSUMLT_C.ini

[2007/01/01 03:38:51 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp_bmp.bmp

[2007/01/01 01:42:24 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MICRX.TNI

[2007/01/01 01:42:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_datax

[2007/01/01 01:42:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\datax

[2006/12/27 02:14:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/12/25 00:34:36 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dedea9_g.dll

[2006/12/24 18:08:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI

[2006/12/23 01:09:05 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/12/22 14:38:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2006/12/22 14:38:35 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2006/12/07 11:43:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll

[2006/12/07 11:41:03 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\fusioncache.dat

[2006/12/07 11:40:57 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini

[2006/12/07 11:40:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys

[2006/12/07 11:40:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys

[2006/12/07 11:37:21 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll

[2006/07/19 22:11:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/19 22:08:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll

[2006/06/22 19:25:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll

[2006/06/22 19:02:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2006/06/21 18:11:38 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

[2006/04/27 20:47:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/04/27 20:47:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/04/27 20:47:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/04/27 20:47:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/04/27 20:47:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/04/27 20:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/04/27 20:47:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/04/12 18:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll

[2006/03/08 21:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll

[2006/03/08 21:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll

[2005/11/10 15:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys

[2005/10/30 22:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2005/10/25 19:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2005/06/27 19:12:58 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys

[2004/08/04 01:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2002/07/08 22:44:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Looks like WinPatrol has stopped the process of fixing the hosts removal.

Please disable it and try it again.

I exited WinPatrol and ran both again. I then checked HOSTS and it was empty except for two entries. Then I did the second OTL request.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL logfile created on: 10/16/2010 2:17:12 PM - Run 4

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\T Duprex\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 136.85 Gb Total Space | 109.18 Gb Free Space | 79.78% Space Free | Partition Type: NTFS

Drive D: | 11.65 Gb Total Space | 11.59 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 24.41 Gb Total Space | 21.80 Gb Free Space | 89.30% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

Drive I: | 251.47 Mb Total Space | 120.16 Mb Free Space | 47.78% Space Free | Partition Type: FAT

Computer Name: ACER_PENT

Current User Name: T Duprex

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\T Duprex\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)

PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)

PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eLock\LockServ.exe ()

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)

PRC - C:\Acer\LANScope Agent\awServ.exe (OSA Technologies Inc., An Avocent Company)

PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)

PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)

PRC - G:\Program Files\Winkey\WinKey.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\T Duprex\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\nview.dll ()

MOD - C:\WINDOWS\system32\nvwimg.dll ()

MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe File not found

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)

SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)

SRV - (AdobeActiveFileMonitor5.0) -- g:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()

SRV - (LockServ) -- C:\Acer\Empowering Technology\eLock\LockServ.exe ()

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)

SRV - (AWService) -- C:\Acer\LANScope Agent\awServ.exe (OSA Technologies Inc., An Avocent Company)

SRV - (Acer ODDSpeedControl) -- C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe (TODO: <????>)

SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)

========== Driver Services (SafeList) ==========

DRV - (rrSpy) -- C:\WINDOWS\System32\drivers\rrSpy.sys File not found

DRV - (catchme) -- C:\DOCUME~1\TDUPRE~1\LOCALS~1\Temp\catchme.sys File not found

DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)

DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)

DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)

DRV - (scsiscan) -- C:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (DefragFS) -- C:\WINDOWS\System32\drivers\DefragFs.sys (Raxco Software, Inc.)

DRV - (tvicport) -- C:\WINDOWS\system32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys ()

DRV - (zntport) -- C:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (eLock2FSCTLDriver) -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys (Windows ® 2000 DDK provider)

DRV - (eLock2BurnerLockDriver) -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)

DRV - (psdfilter) -- C:\WINDOWS\system32\drivers\psdfilter.sys (HiTRUST)

DRV - (psdvdisk) -- C:\WINDOWS\system32\drivers\psdvdisk.sys (HiTRUST)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)

DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)

DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)

DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()

DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)

DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (ICDUSB2) Sony IC Recorder (P) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys (Sony Corporation)

DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3

FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:57:40 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2010/02/07 10:24:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/04 17:12:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 20:40:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/15 22:05:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/10/02 15:02:00 | 000,000,000 | ---D | M]

[2008/09/05 00:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Extensions

[2008/09/05 00:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/15 20:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions

[2010/08/28 21:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2010/04/27 07:04:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/17 21:48:30 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}

[2010/10/12 21:17:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010/06/18 06:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2010/05/31 09:30:50 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/06/27 10:21:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/02/22 02:04:40 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}

[2009/09/08 22:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T Duprex\Application Data\Mozilla\Firefox\Profiles\38bduv9u.default\extensions\support@lastpass(2).com

[2010/10/15 20:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/16 20:40:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/04/26 19:50:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/26 20:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010/09/16 20:40:41 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/16 20:40:41 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/03/27 21:59:43 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2010/09/16 20:40:43 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2010/09/22 18:10:52 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/02/07 10:24:02 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/02/07 10:24:13 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

[2010/02/07 10:23:52 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2009/09/03 19:58:32 | 008,443,120 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll

[2010/03/29 08:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2009/09/03 19:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll

[2009/09/03 19:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

[2010/03/12 09:03:12 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/03/12 09:03:12 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/03/12 09:03:12 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/03/12 09:03:12 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/03/12 09:03:12 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/03/12 09:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/03/12 09:03:12 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/10/16 14:15:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/05/16 08:04:00 | 000,000,000 | -H-D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/c...ls/pctuneup.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1222599322578 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.132.4 66.189.132.20 24.217.0.55

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - C:\WINDOWS\System32\GTGina.dll (Gemtek)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/04/26 09:39:58 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:43 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:44 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/02 22:44:46 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT ]

O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\AutoRun\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found

O33 - MountPoints2\{3648102a-3267-11de-b00d-0019214df2c4}\Shell\Flip Video for PC\command - "" = J:\system\viewer\FlipVideoforPC.exe -- File not found

O33 - MountPoints2\{f4c29402-d697-11dd-ae94-0019214df2c4}\Shell\Shell00\Command - "" = L:\Start.exe -- File not found

O34 - HKLM BootExecute: (autocheck pdboot.exe) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 22:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Wayside

[2010/10/14 13:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2010/10/12 18:54:33 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/03 06:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Gmer

[2010/10/03 06:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\Malware Assist

[2010/10/03 05:23:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe

[2010/10/02 22:44:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010/10/02 05:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups

[2010/09/26 07:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T Duprex\Desktop\LaQuinta

[2010/09/19 21:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adds Its classified

[2006/12/07 11:37:21 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/10/16 14:15:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2010/10/16 14:02:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/16 14:02:16 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/10/16 14:02:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/10/16 14:01:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/10/16 14:01:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/16 14:01:55 | 2145,894,400 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/16 09:55:40 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\T Duprex\ntuser.dat

[2010/10/16 09:55:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\T Duprex\ntuser.ini

[2010/10/15 22:23:34 | 000,000,216 | ---- | M] () -- C:\WINDOWS\Brownie.ini

[2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw

[2010/10/15 07:51:38 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw

[2010/10/15 07:50:54 | 000,009,574 | ---- | M] () -- C:\Documents and Settings\T Duprex\My Documents\Password 04-22-10.apw

[2010/10/14 05:01:18 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/14 04:55:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/10/14 03:08:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/13 22:37:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/13 11:32:04 | 002,605,056 | ---- | M] () -- C:\WINDOWS\outlook.pst

[2010/10/13 10:16:32 | 000,000,920 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/10/13 06:52:42 | 000,007,804 | ---- | M] () -- C:\WINDOWS\extend.dat

[2010/10/13 06:51:50 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk

[2010/10/03 05:23:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T Duprex\Desktop\OTL.exe

[2010/10/02 22:43:45 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Flash_Disinfector.exe

[2010/10/02 12:06:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/02 05:43:12 | 004,416,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak

[2010/10/01 10:20:10 | 000,019,252 | ---- | M] () -- C:\WINDOWS\OutlPrnt

[2010/09/24 03:55:06 | 000,023,474 | ---- | M] () -- C:\WINDOWS\fixed pst.FAV

[2010/09/24 03:18:09 | 000,032,768 | ---- | M] () -- C:\WINDOWS\mailbox.PAB

[2010/09/24 03:12:48 | 000,005,850 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2010/09/19 20:59:26 | 128,771,551 | ---- | M] () -- C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3

[2010/09/19 20:59:26 | 128,771,551 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Mary 9-16-10.mp3

[2010/09/19 20:32:29 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls

[2010/09/19 19:37:24 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2010/09/19 01:27:08 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll

[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll

[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll

[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll

[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll

[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

========== Files Created - No Company Name ==========

[2010/10/15 07:52:11 | 000,009,574 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Password 10-15-10.apw

[2010/10/15 07:51:37 | 000,009,574 | ---- | C] () -- C:\Documents and Settings\T Duprex\My Documents\Password 10-15-10.apw

[2010/10/14 17:29:57 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/10/13 06:51:50 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Earth.lnk

[2010/10/02 22:43:44 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Flash_Disinfector.exe

[2010/10/02 12:06:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/09/29 18:18:10 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\T Duprex\ntuser.dat

[2010/09/24 03:55:06 | 000,023,474 | ---- | C] () -- C:\WINDOWS\fixed pst.FAV

[2010/09/19 21:05:54 | 128,771,551 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Mary 9-16-10.mp3

[2010/09/19 20:47:23 | 128,771,551 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Mary 9-16-10.mp3

[2010/09/19 20:44:09 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\House List Sort 3.xls

[2010/09/17 01:16:42 | 1150,237,070 | ---- | C] () -- C:\Documents and Settings\T Duprex\Desktop\Latest Sam Lesson.wav

[2010/04/15 19:55:27 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\ir41_32O.dll

[2009/10/18 12:52:46 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009/09/21 08:02:53 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll

[2009/08/15 14:07:31 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/31 20:47:14 | 000,000,063 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/07/15 21:43:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\T Duprex\Application Data\AVSDVDPlayer.m3u

[2009/07/15 21:40:51 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/07/15 21:40:51 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/01/11 10:07:54 | 000,000,253 | ---- | C] () -- C:\WINDOWS\NGMAD70.INI

[2008/09/16 08:36:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2008/09/16 08:32:42 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2008/09/16 08:32:42 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini

[2008/09/16 08:32:42 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini

[2008/09/16 08:32:42 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2008/09/16 08:31:12 | 000,000,268 | ---- | C] () -- C:\WINDOWS\EPSON 2450 Installer.ini

[2008/08/18 06:40:30 | 000,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI

[2008/08/05 17:00:17 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini

[2007/10/04 05:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/09/26 05:55:02 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/09/26 05:55:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini

[2007/08/06 19:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI

[2007/08/06 19:24:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll

[2007/08/06 19:24:53 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll

[2007/08/06 19:24:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll

[2007/03/20 22:17:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2007/02/10 17:13:19 | 000,000,216 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2007/02/10 17:13:19 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2007/02/10 17:13:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI

[2007/02/10 17:13:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL

[2007/02/10 17:13:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL

[2007/02/10 17:13:12 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL

[2007/02/10 17:13:11 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI

[2007/02/10 17:12:57 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2007/02/10 17:12:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll

[2007/01/05 17:45:28 | 000,010,242 | ---- | C] () -- C:\WINDOWS\MSUMLT_C.ini

[2007/01/01 03:38:51 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp_bmp.bmp

[2007/01/01 01:42:24 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MICRX.TNI

[2007/01/01 01:42:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pict_datax

[2007/01/01 01:42:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\datax

[2006/12/27 02:14:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/12/25 00:34:36 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\dedea9_g.dll

[2006/12/24 18:08:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI

[2006/12/23 01:09:05 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/12/22 14:38:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2006/12/22 14:38:35 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2006/12/07 11:43:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MWLPS.dll

[2006/12/07 11:41:03 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\T Duprex\Local Settings\Application Data\fusioncache.dat

[2006/12/07 11:40:57 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini

[2006/12/07 11:40:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys

[2006/12/07 11:40:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys

[2006/12/07 11:37:21 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll

[2006/07/19 22:11:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/19 22:08:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll

[2006/07/19 22:07:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll

[2006/06/22 19:25:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll

[2006/06/22 19:02:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2006/06/21 18:11:38 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

[2006/04/27 20:47:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/04/27 20:47:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/04/27 20:47:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/04/27 20:47:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/04/27 20:47:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/04/27 20:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/04/27 20:47:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/04/12 18:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll

[2006/03/08 21:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll

[2006/03/08 21:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll

[2005/11/10 15:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys

[2005/10/30 22:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2005/10/25 19:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2005/06/27 19:12:58 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys

[2004/08/04 01:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2002/07/08 22:44:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Kahdah:

I turned on WinPatrol and within minutes I received the warning that an attempt to add to the HOSTS file is being made. So I allowed it then checked HOSTS and there was no new entry just the two that remained after resetting HOSTS.

TD5


Yes, that is fine. It guards it from being changed; when it realized it had been changed, it alerted you.

======Cleanup======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)" then click on it
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is left over.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?" - Also this one by Tony Klein.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent etc...

===Free antimalware tools used for on-demand scanning and cleaning; no real-time protection unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast



Kahdah:

Did as requested.

It looks like WinPatrol warnings about HOSTS file entries have stopped. After about 10 minutes, I used HostsMan update to populate the HOSTS file. I then got a single WinPatrol warning which I accepted. So far no further warnings.

Could you tell me what was causing the repeated WinPatrol warnings about an attempted HOSTS file entry? What did you see?

TD 5

It looks like the frequently appearing warnings from WinPatrol have stopped.


was causing the repeated WinPatrol warnings about an attempted HOSTS file entry? What did you see?
It just looked like a hijacked hosts file to me.

Nothing else was present.

If the changes didn't take because of WinPatrol, it would have constantly let you know about it.

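A way to check a HOSTS file for the hijack pattern Kahdah describes, and to see exactly what WinPatrol is reacting to (the difference between two snapshots of the file, as in TD5's test earlier in the thread where only the two default entries remained after a reset). This is an added example, not code from the thread, from WinPatrol or from HostsMan. The SECURITY_DOMAINS watchlist and both sample HOSTS bodies are constructed for the demo; they are not the poster's actual file.

```python
"""Inspect a Windows HOSTS file for hijack indicators and diff two snapshots.

Added example; not code from the thread, WinPatrol or HostsMan. The
SECURITY_DOMAINS list and both sample HOSTS bodies below are constructed
for the demo, not taken from the poster's machine.
"""
import ipaddress
from dataclasses import dataclass

# Domains malware typically sink-holes so the victim cannot update AV/Windows.
# Constructed watchlist for the example; extend it for your own environment.
SECURITY_DOMAINS = (
    "windowsupdate.com", "update.microsoft.com", "malwarebytes.org",
    "kaspersky.com", "avast.com", "superantispyware.com",
)

# The two entries a stock Windows XP HOSTS file carries after a reset.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "info"
    ip: str
    host: str
    reason: str


def parse_hosts(text):
    """Yield (ip, hostname) pairs, one per hostname, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip = parts[0]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                          # not a valid mapping line
        for host in parts[1:]:
            yield ip, host.lower().rstrip(".")


def _is_sink(ip):
    """True for addresses that merely black-hole the name (loopback, 0.0.0.0)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def _on_watchlist(host):
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def check_hosts(text):
    """Classify every mapping in a HOSTS body; returns a list of Finding."""
    findings = []
    for ip, host in parse_hosts(text):
        if (ip, host) in DEFAULT_ENTRIES:
            continue
        if not _is_sink(ip):
            # Name resolves to a real address: classic pharming / redirect.
            findings.append(Finding("high", ip, host,
                                    "redirects name to a non-loopback address"))
        elif _on_watchlist(host):
            # Sink-holing AV / update vendors is the other common hijack.
            findings.append(Finding("high", ip, host,
                                    "blocks a security/update domain"))
        else:
            # Sink-holing an ad or tracker host is what HostsMan-style lists do.
            findings.append(Finding("info", ip, host, "ad/tracker blocklist entry"))
    return findings


def diff_hosts(old_text, new_text):
    """What a HOSTS guard reacts to: the set difference between two snapshots.
    Returns (added, removed) as sorted lists of (ip, host) tuples."""
    old = set(parse_hosts(old_text))
    new = set(parse_hosts(new_text))
    return sorted(new - old), sorted(old - new)


# Constructed sample: a freshly reset HOSTS file with only the defaults.
RESET_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
"""

# Constructed sample: the same file after a blocklist update plus two hijack lines.
HIJACKED_HOSTS = RESET_HOSTS + """
# blocklist lines like these are benign
127.0.0.1    ads.example.net
0.0.0.0      tracker.example.org
# these two are hijack indicators
127.0.0.1    www.malwarebytes.org
203.0.113.7  www.mybank.example
"""

if __name__ == "__main__":
    for f in check_hosts(HIJACKED_HOSTS):
        print(f"[{f.severity:4}] {f.ip:<13} {f.host:<24} {f.reason}")
    added, removed = diff_hosts(RESET_HOSTS, HIJACKED_HOSTS)
    print("added:", added)
    print("removed:", removed)
```

On the affected machine the live file is C:\WINDOWS\System32\drivers\etc\HOSTS, and the OTL log above also lists a HOSTS.bak beside it; reading both with open(path).read() and passing them to diff_hosts shows what a HostsMan update (or something else) added between the two. A blocklist of 127.0.0.1 / 0.0.0.0 lines shows up only as "info" findings; what matters is anything rated "high", in particular a name mapped to a routable address or a vendor/update domain mapped to loopback.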
