Jump to content

Recommended Posts

:D

Hi,

I have been battling a program named Personal Internet Security 2011 on my lap top for a couple weeks ( I only have a couple hours in the evening that I can work at this) and found that Malwarebytes rid my machine of the basic program but, it still has the redirecting thing going on. I read a thread on this site about a similar problem on redirecting that spurred me to seek assistance here. So here goes...

As mentioned redirecting is the most noticeable problem. Then there is the other issues like the computer shuts off when I run Spy Bot S&D after about 10 minutes. It has recently started doing the same when I run Malwarebytes. Since I rid the Personal Internet Security 2011 from my PC I have run numerous scans and cleaned countless items. I have used CCleaner, Spy Bot, Max Spyware Dectector, AVG9 & Registry Healer. All of which I have used for some time. This problem persists. And now GMER will not complete as the machines goes to a black screen and shuts down after 10 minutes or so. I have run DeFogger, DDS, and attepmted GMER.

Seems the critters on the web are getting more devious and difficult to weed out. Any help with this would be apreciated. Please find below the results of scans, thanks.

DDS (Ver_10-12-12.02) - NTFSx86

Run by 5150 at 21:31:57.89 on Wed 01/26/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.623 [GMT -8:00]

AV: Personal Internet Security 2011 *Enabled/Updated* {A9AC25CD-99A7-4312-9087-F98EEC05F959}

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Personal Internet Security 2011 *Enabled/Updated* {5D4C6705-7015-49DD-A35A-EBBECCEE1B78}

FW: Personal Internet Security 2011 *Enabled*

FW: ZoneAlarm Firewall *Enabled*

FW: Personal Internet Security 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\ACS.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Max Spyware Detector\MaxSDTray.exe

svchost.exe

C:\Program Files\Max Spyware Detector\MaxUSBProc.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Max Spyware Detector\MaxActMon.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Max Spyware Detector\MaxDSrv.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Maxthon2\Maxthon.exe

C:\Documents and Settings\5150\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.startsearcher.com

uSearch Bar = hxxp://www.toshiba.com/search

uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm

mStart Page = hxxp://www.startsearcher.com

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZon1.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZon1.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [sDActiveMonitor] c:\program files\max spyware detector\MaxSDTray.exe -AUTO

mRun: [MaxUSBProc] c:\program files\max spyware detector\MaxUSBProc.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [sDAutoScan]

IE: &AOL Toolbar search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277178508153

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: OLT.exe - svchost.exe

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 65.98.95.68 www.google.com

Hosts: 65.98.95.68 google.com

Hosts: 65.98.95.68 google.com.au

Hosts: 65.98.95.68 www.google.com.au

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-19 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-21 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-21 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-21 243024]

R1 MaxProtector32;MaxProtector32;c:\program files\max spyware detector\MaxProtector32.sys [2011-1-7 40592]

R1 SDManager;SDManager;c:\program files\max spyware detector\SDManager.sys [2010-5-22 33936]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-25 532224]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]

R2 MaxWatchDogService;MaxWatchDogService;c:\program files\max spyware detector\MaxWatchDogService.exe [2010-5-22 507536]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 MaxDSrv;MaxDSrv;c:\program files\max spyware detector\MaxDSrv.exe [2011-1-17 450704]

R3 SDActMon;SDActMon;c:\program files\max spyware detector\SDActMon.sys [2010-5-22 37520]

S2 MaxNPF;MaxNPF; [x]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

S3 SEM43XX;Sony Ericsson 802.11 Wireless LAN Adapter Driver SEM43XX;c:\windows\system32\drivers\semwl5.SYS [2005-1-2 368896]

S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [2005-1-2 114944]

S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [2005-1-2 53248]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\GCXXSC.sys [2004-12-21 21888]

S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2008-3-6 81920]

=============== Created Last 30 ================

2011-01-16 05:21:35 -------- d-----w- c:\program files\VS Revo Group

2011-01-16 05:08:22 -------- d-----w- c:\program files\CCleaner

2011-01-15 06:06:03 -------- d-----w- C:\a016658004ccf241a6

2011-01-14 00:54:25 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\PILQKTXSCIS

2011-01-14 00:51:50 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\259061

2011-01-05 22:13:03 8724992 ----a-w- c:\windows\VzInHomeAgentInstaller.msi

2011-01-05 22:03:42 9836032 ----a-w- c:\windows\VerizonDM.msi

2011-01-05 22:03:14 -------- d-----w- c:\program files\common files\SupportSoft

2011-01-05 22:03:13 -------- d-----w- c:\program files\Verizon

==================== Find3M ====================

2011-01-08 05:30:46 1348096 ----a-w- c:\windows\system32\CheckDll.dll

2010-12-08 17:12:59 8136704 ---ha-w- c:\windows\system32\SecSigDB.BIN

2010-12-08 17:12:59 450000 ---ha-w- c:\windows\system32\NameDB.BIN

2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:34:11 78336 ------w- c:\windows\system32\ieencode.dll

2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl

2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll

2010-11-03 12:25:53 389120 ------w- c:\windows\system32\html.iec

============= FINISH: 21:33:17.18 ===============

Attach.zip

Link to post
Share on other sites

Hello riverrunner06! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Step 1

Please disable Ad-Watch module, part of Ad-Aware:

http://www.bleepingcomputer.com/forums/top...post__p__649847

Step 2

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif
  5. WiNlOgOn.exe
  6. uSeRiNiT.exe

Please post the log in your next reply.

Note: The log can be found at the root of your installed hard drive entitled rkill.log

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In your next reply, please include these log(s):

  1. RKill log
  2. Malwarebytes' Anti-Malware log
  3. a new fresh DDS log only

Link to post
Share on other sites

Thank you for the quick response!

I was able to run the scans though it took a few tries to get DDS to finish a scan. Hope this will be of help...

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 01/27/2011 at 7:41:34.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 01/27/2011 at 7:41:49.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5618

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

1/27/2011 8:28:17 AM

mbam-log-2011-01-27 (08-28-17).txt

Scan type: Quick scan

Objects scanned: 172456

Time elapsed: 41 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-12-12.02) - NTFSx86

Run by 5150 at 20:24:22.29 on Thu 01/27/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.821 [GMT -8:00]

AV: Personal Internet Security 2011 *Enabled/Updated* {A9AC25CD-99A7-4312-9087-F98EEC05F959}

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Personal Internet Security 2011 *Enabled/Updated* {5D4C6705-7015-49DD-A35A-EBBECCEE1B78}

FW: Personal Internet Security 2011 *Enabled*

FW: ZoneAlarm Firewall *Enabled*

FW: Personal Internet Security 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\ACS.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe

C:\Program Files\Max Spyware Detector\MaxActMon.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Max Spyware Detector\MaxSDTray.exe

C:\Program Files\Max Spyware Detector\MaxUSBProc.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Max Spyware Detector\MaxDSrv.exe

C:\Documents and Settings\5150\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.startsearcher.com

uSearch Bar = hxxp://www.toshiba.com/search

uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm

mStart Page = hxxp://www.startsearcher.com

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZon1.dll

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZon1.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [sDActiveMonitor] c:\program files\max spyware detector\MaxSDTray.exe -AUTO

mRun: [MaxUSBProc] c:\program files\max spyware detector\MaxUSBProc.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [sDAutoScan]

IE: &AOL Toolbar search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277178508153

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: OLT.exe - svchost.exe

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 65.98.95.68 www.google.com

Hosts: 65.98.95.68 google.com

Hosts: 65.98.95.68 google.com.au

Hosts: 65.98.95.68 www.google.com.au

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-19 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-21 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-21 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-21 243024]

R1 MaxProtector32;MaxProtector32;c:\program files\max spyware detector\MaxProtector32.sys [2011-1-7 40592]

R1 SDManager;SDManager;c:\program files\max spyware detector\SDManager.sys [2010-5-22 33936]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-25 532224]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 MaxWatchDogService;MaxWatchDogService;c:\program files\max spyware detector\MaxWatchDogService.exe [2010-5-22 507536]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 MaxDSrv;MaxDSrv;c:\program files\max spyware detector\MaxDSrv.exe [2011-1-17 450704]

R3 SDActMon;SDActMon;c:\program files\max spyware detector\SDActMon.sys [2010-5-22 37520]

S2 MaxNPF;MaxNPF; [x]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

S3 SEM43XX;Sony Ericsson 802.11 Wireless LAN Adapter Driver SEM43XX;c:\windows\system32\drivers\semwl5.SYS [2005-1-2 368896]

S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [2005-1-2 114944]

S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [2005-1-2 53248]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\GCXXSC.sys [2004-12-21 21888]

S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2008-3-6 81920]

=============== Created Last 30 ================

2011-01-16 05:21:35 -------- d-----w- c:\program files\VS Revo Group

2011-01-16 05:08:22 -------- d-----w- c:\program files\CCleaner

2011-01-15 06:06:03 -------- d-----w- C:\a016658004ccf241a6

2011-01-14 00:54:25 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\PILQKTXSCIS

2011-01-14 00:51:50 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\259061

2011-01-05 22:13:03 8724992 ----a-w- c:\windows\VzInHomeAgentInstaller.msi

2011-01-05 22:03:42 9836032 ----a-w- c:\windows\VerizonDM.msi

2011-01-05 22:03:14 -------- d-----w- c:\program files\common files\SupportSoft

2011-01-05 22:03:13 -------- d-----w- c:\program files\Verizon

==================== Find3M ====================

2011-01-08 05:30:46 1348096 ----a-w- c:\windows\system32\CheckDll.dll

2010-12-08 17:12:59 8136704 ---ha-w- c:\windows\system32\SecSigDB.BIN

2010-12-08 17:12:59 450000 ---ha-w- c:\windows\system32\NameDB.BIN

2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:34:11 78336 ------w- c:\windows\system32\ieencode.dll

2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl

2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll

2010-11-03 12:25:53 389120 ------w- c:\windows\system32\html.iec

============= FINISH: 20:25:08.62 ===============

Link to post
Share on other sites

  • Download OTL (by OldTimer):
    1. OTL.exe
    2. OTL.com
    3. OTL.scr

    [*]Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.

    [*]When the window appears, underneath Output at the top change it to Minimal Output.

    [*]Under the Standard Registry box change it to All.

    [*]Check the boxes beside LOP Check and Purity Check.

    [*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Link to post
Share on other sites

This scan ran without a glitch...

OTL logfile created on: 1/28/2011 7:20:46 AM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\5150\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 93.16 Gb Total Space | 51.18 Gb Free Space | 54.93% Space Free | Partition Type: NTFS

Computer Name: SOCKETMAN2 | User Name: 5150 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\5150\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Max Spyware Detector\MaxSDTray.exe (Max Secure Software)

PRC - C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe (Max Secure Software)

PRC - C:\Program Files\Max Spyware Detector\MaxUSBProc.exe (Max Secure Software)

PRC - C:\Program Files\Max Spyware Detector\MaxDSrv.exe (Max Secure Software)

PRC - C:\Program Files\Max Spyware Detector\MaxActMon.exe (Max Secure Software)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\acs.exe ()

PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\5150\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MaxWatchDogService) -- C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe (Max Secure Software)

SRV - (MaxDSrv) -- C:\Program Files\Max Spyware Detector\MaxDSrv.exe (Max Secure Software)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)

SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)

SRV - (KodakDigitalDisplayService) -- C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe (Orb Networks)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()

SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()

SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)

========== Driver Services (SafeList) ==========

DRV - (SDActMon) -- C:\Program Files\Max Spyware Detector\SDActMon.sys (Max Secure Software)

DRV - (MaxProtector32) -- C:\Program Files\Max Spyware Detector\MaxProtector32.sys (Max Secure Software)

DRV - (SDManager) -- c:\Program Files\Max Spyware Detector\SDManager.sys (Max Secure Software)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)

DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)

DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (SEM43XX) -- C:\WINDOWS\system32\drivers\semwl5.SYS (Broadcom Corporation)

DRV - (SEMWModem) -- C:\WINDOWS\system32\drivers\GCXX.sys (Broadcom Corporation)

DRV - (SEMWWNIC) -- C:\WINDOWS\system32\drivers\GCXXNet.sys (Broadcom Corporation)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\GCXXSC.sys (Broadcom Corporation)

DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (PCTEL Inc.)

DRV - (TPwSav) -- C:\WINDOWS\System32\DRIVERS\TPwSav.sys (TOSHIBA )

DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (TCtrlIO) -- C:\WINDOWS\system32\drivers\TCtrlIO.sys (TOSHIBA )

DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)

DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)

DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)

DRV - (SerTVOutCtlr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)

DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)

DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)

DRV - (caboagp) -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)

DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )

DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)

DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Roxio)

DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)

DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)

DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)

DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)

DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()

DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com

IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/02/24 22:20:12 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/01/15 09:25:04 | 000,428,979 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 14782 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [MaxUSBProc] C:\Program Files\Max Spyware Detector\MaxUSBProc.exe (Max Secure Software)

O4 - HKLM..\Run: [sDActiveMonitor] C:\Program Files\Max Spyware Detector\MaxSDTray.exe (Max Secure Software)

O4 - HKLM..\Run: [sDAutoScan] File not found

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O15 - HKCU\..Trusted Domains: internet ([]about in Internet)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1277178508153 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 () - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\5150\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\5150\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{6f9b2765-c9e9-11df-9166-000fb0656037}\Shell - "" = AutoRun

O33 - MountPoints2\{6f9b2765-c9e9-11df-9166-000fb0656037}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (SDEarlyDelete) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/28 07:18:13 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\5150\Desktop\OTL.exe

[2011/01/16 19:59:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\5150\Recent

[2011/01/15 21:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2011/01/15 21:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\5150\Start Menu\Programs\Revo Uninstaller

[2011/01/15 21:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

[2011/01/15 21:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011/01/14 22:06:03 | 000,000,000 | ---D | C] -- C:\a016658004ccf241a6

[2011/01/13 16:54:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\PILQKTXSCIS

[2011/01/13 16:51:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\259061

[2011/01/05 14:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft

[2011/01/05 14:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon

[2010/02/19 23:20:16 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

[2004/07/10 21:11:42 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/28 07:18:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\5150\Desktop\OTL.exe

[2011/01/28 07:13:01 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/27 20:33:33 | 070,535,791 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2011/01/27 07:31:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/01/26 22:29:44 | 000,004,567 | ---- | M] () -- C:\Documents and Settings\5150\Desktop\Attach.zip

[2011/01/26 21:36:03 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\5150\Desktop\lizye0m0.exe

[2011/01/26 21:31:13 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\5150\Desktop\dds.scr

[2011/01/26 21:30:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\5150\defogger_reenable

[2011/01/26 21:29:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\5150\Desktop\Defogger.exe

[2011/01/24 21:00:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/01/17 09:04:33 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Max Spyware Detector.lnk

[2011/01/15 21:48:07 | 009,366,016 | ---- | M] () -- C:\Documents and Settings\5150\My Documents\Killing Malicious Processes and Removing Harmful Files.wps

[2011/01/15 21:21:36 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\5150\Desktop\Revo Uninstaller.lnk

[2011/01/15 21:08:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/01/15 09:25:04 | 000,428,979 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/01/15 09:25:03 | 000,429,310 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110115-092504.backup

[2011/01/14 22:06:31 | 000,000,211 | ---- | M] () -- C:\boot.ini

[2011/01/14 22:01:25 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\host_new

[2011/01/14 21:57:45 | 000,429,445 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110115-092503.backup

[2011/01/14 08:26:39 | 000,429,445 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191844.backup

[2011/01/14 08:26:39 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191858.backup

[2011/01/14 08:26:39 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191857.backup

[2011/01/14 08:26:39 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191856.backup

[2011/01/14 08:26:39 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191855.backup

[2011/01/14 08:26:39 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191854.backup

[2011/01/14 08:26:39 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191853.backup

[2011/01/14 08:26:39 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191852.backup

[2011/01/14 08:26:39 | 000,429,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-191851.backup

[2011/01/13 20:21:12 | 000,429,398 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110113-202753.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-074700.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-074659.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-074658.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-074657.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-074652.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-062010.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-062008.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-062007.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-062006.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-062005.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-062004.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-062003.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-061954.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-061948.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-061928.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110113-202807.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110113-202806.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110113-202805.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110113-202804.backup

[2011/01/13 20:21:12 | 000,429,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110113-202801.backup

[2011/01/07 21:30:46 | 001,348,096 | ---- | M] (Max Secure Software) -- C:\WINDOWS\System32\CheckDll.dll

[2011/01/05 13:56:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/26 22:29:44 | 000,004,567 | ---- | C] () -- C:\Documents and Settings\5150\Desktop\Attach.zip

[2011/01/26 21:36:07 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\5150\Desktop\lizye0m0.exe

[2011/01/26 21:31:12 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\5150\Desktop\dds.scr

[2011/01/26 21:30:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\5150\defogger_reenable

[2011/01/26 21:29:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\5150\Desktop\Defogger.exe

[2011/01/15 21:48:02 | 009,366,016 | ---- | C] () -- C:\Documents and Settings\5150\My Documents\Killing Malicious Processes and Removing Harmful Files.wps

[2011/01/15 21:21:36 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\5150\Desktop\Revo Uninstaller.lnk

[2011/01/15 21:08:24 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/01/05 14:13:03 | 008,724,992 | ---- | C] () -- C:\WINDOWS\VzInHomeAgentInstaller.msi

[2011/01/05 14:03:42 | 009,836,032 | ---- | C] () -- C:\WINDOWS\VerizonDM.msi

[2010/10/16 06:10:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini

[2010/10/16 06:10:28 | 000,002,193 | ---- | C] () -- C:\WINDOWS\photoimpression.ini

[2010/10/16 06:10:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2010/09/27 19:34:43 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll

[2010/02/19 23:20:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\Pbtrvd32.dll

[2010/02/19 23:20:55 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\Sbtrv32.dll

[2010/02/19 23:20:55 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\Swcomp32.dll

[2010/02/19 23:20:54 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Pedtconv.dll

[2010/02/19 23:20:51 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\Vamngr32.dll

[2010/02/19 23:20:18 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL

[2010/02/19 23:20:17 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL

[2010/02/19 23:20:17 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL

[2010/02/19 23:20:16 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL

[2009/01/24 07:43:57 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini

[2009/01/02 10:39:52 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\RCCustomSetup.ini

[2008/11/19 22:06:14 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\5150\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/10 23:47:16 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll

[2008/09/10 13:33:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2008/09/10 13:15:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/02/09 14:46:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL

[2004/09/16 16:58:56 | 000,010,739 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/09/16 16:58:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI

[2004/09/16 16:58:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI

[2004/08/16 08:49:44 | 000,000,895 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2004/08/16 08:27:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2004/08/16 08:27:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2004/08/16 08:27:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2004/08/16 08:27:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2004/08/16 08:27:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2004/08/16 08:27:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2004/08/12 13:23:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2004/08/12 13:21:10 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys

[2004/08/12 13:17:15 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2004/08/12 13:17:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2004/08/12 13:17:15 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2004/08/12 13:17:15 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2004/08/12 13:14:27 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll

[2004/08/12 12:56:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2004/08/12 11:54:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/08/12 11:50:40 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/12 11:43:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/12 10:34:05 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/12 04:39:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/07/12 22:18:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/07/10 20:35:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/10/16 06:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\Canon

[2010/07/26 06:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\CheckPoint

[2004/08/16 08:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\InterTrust

[2004/08/16 09:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\InterVideo

[2008/09/17 12:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\MSNInstaller

[2011/01/28 07:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\MxBoost

[2008/09/17 13:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\T-Mobile

[2008/09/17 11:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\Template

[2004/08/16 07:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\toshiba

[2009/01/27 17:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\5150\Application Data\Viewpoint

[2011/01/16 08:36:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\259061

[2010/05/21 18:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/07/05 08:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KEDDS

[2010/02/03 07:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure

[2008/09/10 14:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster

[2010/07/05 08:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks

[2010/03/03 21:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2011/01/13 16:54:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PILQKTXSCIS

[2009/01/02 10:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\T-Mobile

[2010/12/14 19:01:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

[2010/09/01 10:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/02/07 08:55:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

[2011/01/27 07:31:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:files
C:\Documents and Settings\All Users\Application Data\PILQKTXSCIS
C:\Documents and Settings\All Users\Application Data\259061
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Documents and Settings\5150\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

Link to post
Share on other sites

OK,

Ran the scan and followed the prompts...

All processes killed

========== FILES ==========

C:\Documents and Settings\All Users\Application Data\PILQKTXSCIS folder moved successfully.

C:\Documents and Settings\All Users\Application Data\259061\Quarantine Items folder moved successfully.

C:\Documents and Settings\All Users\Application Data\259061\PISSys folder moved successfully.

C:\Documents and Settings\All Users\Application Data\259061 folder moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\WINDOWS\System32\SET28A.tmp moved successfully.

C:\WINDOWS\System32\SET28E.tmp moved successfully.

C:\WINDOWS\System32\SET296.tmp moved successfully.

C:\WINDOWS\System32\SET2E0.tmp moved successfully.

C:\WINDOWS\002492_.tmp moved successfully.

C:\Documents and Settings\5150\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\5150\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\5150\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\5150\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\5150\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\5150\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\5150\Application Data\Viewpoint folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: 5150

->Temp folder emptied: 5772458 bytes

->Temporary Internet Files folder emptied: 280950026 bytes

->Java cache emptied: 3528636 bytes

->Flash cache emptied: 18740 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: kodak

->Temp folder emptied: 32768 bytes

->Temporary Internet Files folder emptied: 42187 bytes

User: LocalService

->Temp folder emptied: 2045592 bytes

->Temporary Internet Files folder emptied: 59678 bytes

User: NetworkService

->Temp folder emptied: 1985560 bytes

->Temporary Internet Files folder emptied: 125465236 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 78980033 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 46422960 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 520.00 mb

[EMPTYFLASH]

User: 5150

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: kodak

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 01292011_073433

Files\Folders moved on Reboot...

C:\Documents and Settings\5150\Local Settings\Temp\~DF8833.tmp moved successfully.

C:\WINDOWS\temp\NM_SDV1.DB moved successfully.

C:\WINDOWS\temp\NM_SDV2.DB moved successfully.

C:\WINDOWS\temp\NM_SDV3.DB moved successfully.

C:\WINDOWS\temp\NM_SDV4.DB moved successfully.

C:\WINDOWS\temp\NM_SDV5.DB moved successfully.

C:\WINDOWS\temp\SEC_SDV1.DB moved successfully.

C:\WINDOWS\temp\SEC_SDV2.DB moved successfully.

C:\WINDOWS\temp\SEC_SDV3.DB moved successfully.

C:\WINDOWS\temp\SEC_SDV4.DB moved successfully.

C:\WINDOWS\temp\SEC_SDV5.DB moved successfully.

File\Folder C:\WINDOWS\temp\ZLT04c04.TMP not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Please run this script and then let me know how are things.

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:Commands
[resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

Link to post
Share on other sites

I'm really glad to help you! :lol:

Don't worry maybe I'll have work for you. Dad left me his old car - Renault Laguna and this summer I hope will have free for driving license. Maybe I'll need help. :)

Last steps for you:

Step 1

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Step 2

Please manually delete RKill.

Step 3

Keep your software up-to-date:

www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :lol:

Link to post
Share on other sites

It happened just after I sent the last response as well... then later last night I ran Spy Bot before going to bed and this morning all was up with a completed scan. Have ran the corrections from Spy Bot , CCleaner and now running Reg Healer.

Not sure why it was happenning. That was part of what was the problem before, the machine would shut down when I ran a scan.

Right now everything is functioning normaly...

Link to post
Share on other sites

Glad we could help. :wacko:

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.