something keeps directing my google results to: techcenter.net or

OTL logfile created on: 5/31/2011 11:32:51 AM - Run 2

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Public\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 77.49% Memory free

4.84 Gb Paging File | 4.40 Gb Available in Paging File | 90.90% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 279.45 Gb Total Space | 210.41 Gb Free Space | 75.29% Space Free | Partition Type: NTFS

Computer Name: ACER | User Name: kevin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/31 11:28:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Downloads\OTL.exe

PRC - [2011/05/31 11:26:27 | 020,327,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\WHQBSXQN\ie8-setup-us-xp[1].exe

PRC - [2010/12/03 12:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/09/19 18:26:32 | 000,189,752 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe

PRC - [2009/03/08 14:23:48 | 001,113,696 | ---- | M] (Microsoft Corporation) -- c:\c02c51c7dbe9209192\update\iesetup.exe

PRC - [2009/03/08 13:26:32 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\kevin\Local Settings\Temp\IXP000.TMP\IE-REDIST.EXE

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 05:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

========== Modules (SafeList) ==========

MOD - [2011/05/31 11:28:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Downloads\OTL.exe

MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)

SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - [2008/03/03 13:00:00 | 000,043,392 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)

DRV - [2007/06/22 19:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/02/06 23:22:24 | 000,194,304 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)

DRV - [2006/05/10 16:22:26 | 000,022,842 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8150.SYS -- (USB-100)

DRV - [2005/01/10 12:45:56 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)

DRV - [2003/05/30 01:21:38 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)

DRV - [2003/05/30 01:21:38 | 000,066,992 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2003/05/30 01:21:38 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d

FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0

FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1

FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0

FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9

FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1

FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/25 21:34:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/23 20:37:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/22 19:31:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/12/28 19:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Extensions

[2009/12/28 19:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/11/21 11:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Extensions\celtx@celtx.com

[2011/05/31 07:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\tn89b1he.default\extensions

[2010/11/28 21:22:29 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\tn89b1he.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}

[2011/03/11 08:05:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\tn89b1he.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/05/30 17:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/11/21 11:49:32 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG

[2010/11/21 11:49:32 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM

[2010/11/21 11:49:32 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE

[2010/11/21 11:49:32 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG

[2010/11/21 11:49:32 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG

[2010/11/21 11:49:32 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG

[2010/11/21 11:49:32 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG

[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/30 17:28:29 | 000,431,860 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14857 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\RunOnce: [brandClearStubs] C:\WINDOWS\System32\iedkcs32.dll (Microsoft Corporation)

O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/04 16:58:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{006e726c-1c01-11df-9c82-001060e9b116}\Shell - "" = AutoRun

O33 - MountPoints2\{006e726c-1c01-11df-9c82-001060e9b116}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{006e726c-1c01-11df-9c82-001060e9b116}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{04d60ec4-c9a0-11de-a3c5-af09a2506c96}\Shell - "" = AutoRun

O33 - MountPoints2\{04d60ec4-c9a0-11de-a3c5-af09a2506c96}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{04d60ec4-c9a0-11de-a3c5-af09a2506c96}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 11:32:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2011/05/31 11:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Local Settings\Application Data\Yahoo

[2011/05/31 11:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2011/05/31 11:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2011/05/31 11:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2011/05/31 11:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Application Data\Yahoo!

[2011/05/31 11:30:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011/05/31 11:30:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/05/31 11:27:26 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2011/05/31 11:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/31 11:03:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/31 11:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/31 11:02:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2011/05/31 08:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Application Data\Malwarebytes

[2011/05/31 08:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/05/30 17:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro

[2011/05/30 14:38:28 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/05/30 14:37:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\kevin\Recent

[2011/05/30 14:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2011/05/30 09:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/05/11 20:58:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kevin\My Documents\Roxio

[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[30 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\Documents and Settings\kevin\*.tmp files -> C:\Documents and Settings\kevin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/31 11:32:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/05/31 11:31:38 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf

[2011/05/31 11:27:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1390067357-1417001333-1003UA.job

[2011/05/31 11:21:56 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2011/05/31 11:21:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/31 11:21:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/31 11:03:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/31 08:47:34 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/31 08:47:34 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/30 17:28:29 | 000,431,860 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/05/30 16:57:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2011/05/30 16:54:49 | 000,434,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak

[2011/05/30 15:07:37 | 000,434,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-165449.backup

[2011/05/30 15:01:39 | 000,434,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-150737.backup

[2011/05/30 14:57:39 | 000,434,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-150139.backup

[2011/05/30 14:52:01 | 000,434,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-145739.backup

[2011/05/30 14:44:13 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\Google Chrome.lnk

[2011/05/30 14:44:13 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/30 14:42:27 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-145201.backup

[2011/05/30 14:27:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1390067357-1417001333-1003Core.job

[2011/05/30 14:24:20 | 000,000,349 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI

[2011/05/30 12:27:15 | 000,447,405 | ---- | M] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\census.cache

[2011/05/30 12:27:11 | 000,216,437 | ---- | M] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\ars.cache

[2011/05/30 10:53:09 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\housecall.guid.cache

[2011/05/30 10:36:03 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\seadoo.jpg

[2011/05/30 09:48:21 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-144227.backup

[2011/05/30 08:12:39 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-094821.backup

[2011/05/30 07:58:08 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-081239.backup

[2011/05/29 23:27:57 | 000,434,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110530-075808.backup

[2011/05/25 13:19:55 | 000,063,361 | -H-- | M] () -- C:\Documents and Settings\kevin\My Documents\Kevin Brown Line Cook.pdf

[2011/05/23 15:20:00 | 000,681,860 | -H-- | M] () -- C:\Documents and Settings\kevin\My Documents\business_license_packet_2006.pdf

[2011/05/22 11:07:26 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\kevin\My Documents\pmstudio.cfg

[2011/05/21 08:56:19 | 000,061,654 | -H-- | M] () -- C:\Documents and Settings\kevin\My Documents\Kevin Brown Resume Purchasing.pdf

[2011/05/15 10:21:30 | 176,534,479 | -H-- | M] () -- C:\Documents and Settings\kevin\My Documents\phobostube.Six_swedish_girls_in_boarding_school_(1979)_the_nudity_at_Phobos_Tube.mov

[2011/05/11 20:50:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2011/05/09 14:28:04 | 000,002,230 | -H-- | M] () -- C:\Documents and Settings\kevin\.recently-used.xbel

[2011/05/09 11:30:36 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/06 09:46:22 | 000,433,904 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110529-232757.backup

[2011/05/06 09:31:11 | 000,428,637 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110506-094622.backup

[2011/05/03 19:44:15 | 000,061,880 | -H-- | M] () -- C:\Documents and Settings\kevin\My Documents\Kevin Brown Resume may 2011.pdf

[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[30 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\Documents and Settings\kevin\*.tmp files -> C:\Documents and Settings\kevin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/31 11:31:38 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf

[2011/05/31 11:03:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/30 10:59:45 | 000,447,405 | ---- | C] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\census.cache

[2011/05/30 10:59:21 | 000,216,437 | ---- | C] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\ars.cache

[2011/05/30 10:53:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\housecall.guid.cache

[2011/05/30 10:26:18 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\seadoo.jpg

[2011/05/25 13:19:55 | 000,063,361 | -H-- | C] () -- C:\Documents and Settings\kevin\My Documents\Kevin Brown Line Cook.pdf

[2011/05/23 15:20:00 | 000,681,860 | -H-- | C] () -- C:\Documents and Settings\kevin\My Documents\business_license_packet_2006.pdf

[2011/05/21 08:56:18 | 000,061,654 | -H-- | C] () -- C:\Documents and Settings\kevin\My Documents\Kevin Brown Resume Purchasing.pdf

[2011/05/15 10:15:45 | 176,534,479 | -H-- | C] () -- C:\Documents and Settings\kevin\My Documents\phobostube.Six_swedish_girls_in_boarding_school_(1979)_the_nudity_at_Phobos_Tube.mov

[2011/05/09 14:28:04 | 000,002,230 | -H-- | C] () -- C:\Documents and Settings\kevin\.recently-used.xbel

[2011/05/03 19:44:15 | 000,061,880 | -H-- | C] () -- C:\Documents and Settings\kevin\My Documents\Kevin Brown Resume may 2011.pdf

[2011/03/14 20:02:00 | 000,040,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/01/30 19:59:58 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/01/30 19:34:05 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/22 17:53:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/12/21 00:45:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll

[2009/12/21 00:45:19 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll

[2009/12/21 00:45:19 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll

[2009/11/05 20:25:02 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/05 19:56:37 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini

[2009/11/05 19:53:05 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2009/11/05 19:53:05 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2009/11/05 19:53:05 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2009/11/05 19:53:05 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2009/11/05 19:53:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2009/11/05 16:50:17 | 000,000,600 | ---- | C] () -- C:\WINDOWS\VFO.INI

[2009/11/05 16:47:54 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL

[2009/11/04 17:39:29 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009/11/04 17:23:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/11/04 17:00:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/11/04 16:55:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/11/04 08:50:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/11/04 08:49:14 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/09/27 17:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 05:00:00 | 000,433,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 05:00:00 | 000,067,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/07/29 11:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

[2004/12/20 19:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2004/03/11 02:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe

< End of report >


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
