
Solved someone please look at this for me

Discussion in 'Malware and Virus Removal Archive' started by jan roberts, 2010/07/17.

  1. 2010/07/20
    jan roberts

    jan roberts Inactive Thread Starter

    Joined:
    2005/01/08
    Messages:
    507
    Likes Received:
    2
    broni, I am going to close down for now, will pick up in the morning. You have a good night.
     
  2. 2010/07/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Open Windows Explorer, go to Tools > Folder Options > View tab and make sure there IS a checkmark in "Hide protected operating system files".
    Click OK.

    Split it between a couple of replies.
     


  4. 2010/07/21
    jan roberts

    broni
    can't seem to find Windows Explorer, went to Programs > Accessories > Windows Explorer, clicked and My Documents comes up?!
    on start today all of the extras were gone. hehehe. now to split that log.
     
  5. 2010/07/21
    jan roberts

    OTL logfile created on: 7/20/2010 10:50:10 PM - Run 4
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\jan\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 2246 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.31 Gb Total Space | 112.06 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D8T09M81
    Current User Name: jan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/19 22:14:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jan\Desktop\OTL.exe
    PRC - [2010/06/16 13:27:42 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\jan\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/01/18 12:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
    PRC - [2010/01/18 12:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
    PRC - [2010/01/07 16:09:23 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\dleacoms.exe
    PRC - [2010/01/07 16:09:17 | 000,098,984 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleaserv.exe
    PRC - [2009/12/17 13:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    PRC - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/09 13:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
    PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2006/09/11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2003/09/17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/19 22:14:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jan\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/04/09 13:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/01/07 16:09:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dleacoms.exe -- (dlea_device)
    SRV - [2010/01/07 16:09:17 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
    SRV - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\jan\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/28 16:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/01/28 16:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
    DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
    DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
    DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
    DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
    DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
    DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
    DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
    DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
    DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
    DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
    DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2007/04/10 05:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
    DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
    DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
    DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/14 23:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
    DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/06/09 11:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
    DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 22 A8 51 B2 22 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Secure Search "
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/14 09:57:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/06 07:09:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/06 07:09:31 | 000,000,000 | ---D | M]

    [2009/03/29 21:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Mozilla\Extensions
    [2010/07/17 19:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions
    [2006/12/15 16:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2009/06/26 09:33:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/08 19:24:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2006/12/15 16:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{86b1f2a0-1790-11db-ac5d-0800200c9a66}
    [2006/12/15 16:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
    [2006/12/15 14:41:52 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\searchplugins\cddball.xml
    [2008/08/02 12:12:22 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\searchplugins\IMDB.xml
    [2006/12/15 14:41:53 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\jan\Application Data\Mozilla\Firefox\Profiles\cc3tm9zy.default\searchplugins\siteadvisor.xml
    [2010/07/20 01:46:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/03 11:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/20 01:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2006/03/14 08:17:07 | 000,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrk7.dll
    [2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008/09/23 18:26:21 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    [2006/01/11 07:54:53 | 001,605,120 | ---- | M] (Oklahoma Climatological Survey) -- C:\Program Files\Mozilla Firefox\plugins\NPWXM32.DLL
    [2010/03/18 18:06:41 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2010/07/20 22:40:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Oracle)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Oracle)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab (MALPlaybackCtrl Class)
    O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140842262609 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album 5 Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album 5 Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/19 17:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
     
  6. 2010/07/21
    jan roberts

    and I hope the rest of it
    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/20 22:26:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/20 01:50:46 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/20 01:42:22 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/20 01:42:22 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/20 01:42:22 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/07/19 22:14:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jan\Desktop\OTL.exe
    [2010/07/16 09:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell V310-V510 Series
    [2010/07/13 14:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
    [2010/07/13 14:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
    [2010/07/13 14:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jan\Application Data\iolo
    [2010/07/13 14:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/07/13 13:53:24 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoin.dll
    [2010/07/13 13:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
    [2010/07/13 13:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Toolbar
    [2010/07/13 13:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell PC Fax
    [2010/07/13 13:52:02 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\dleausb1.dll
    [2010/07/13 13:52:02 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleainpa.dll
    [2010/07/13 13:52:02 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEAhcp.dll
    [2010/07/13 13:52:02 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaiesc.dll
    [2010/07/13 13:52:01 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaserv.dll
    [2010/07/13 13:52:01 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dleapmui.dll
    [2010/07/13 13:52:01 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dlealmpm.dll
    [2010/07/13 13:52:00 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahbn3.dll
    [2010/07/13 13:52:00 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaih.exe
    [2010/07/13 13:51:59 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoms.exe
    [2010/07/13 13:51:58 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomm.dll
    [2010/07/13 13:51:57 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomc.dll
    [2010/07/13 13:51:56 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacfg.exe
    [2010/07/13 13:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V310-V510 Series
    [2010/07/13 13:26:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jan\Recent
    [2010/07/13 13:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Cleaner
    [2010/07/13 13:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
    [2010/07/08 19:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/08 19:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/08 19:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/07/08 19:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/07/08 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/07/08 19:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/07/06 06:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{C3243856-7746-4A05-8837-51A28C1CDD82}
    [2010/07/06 06:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jan\Local Settings\Application Data\Downloaded Installations
    [2010/06/16 14:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jan\Local Settings\Application Data\Deployment
    [2010/06/16 08:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jan\Application Data\ElevatedDiagnostics
    [2010/06/16 08:42:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2010/06/09 10:07:37 | 004,641,568 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\jan\My Documents\R126542.EXE
    [2010/06/09 10:02:53 | 001,417,304 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\jan\My Documents\R114566.EXE
    [2010/05/11 18:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jan\Desktop\NEWS
    [2010/05/11 18:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jan\Desktop\INFO
    [2010/05/03 11:34:55 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2006/12/20 17:58:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcciesc.dll
    [2006/12/20 17:47:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccinpa.dll
    [2005/10/09 08:23:53 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/07/20 23:32:03 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1948461421-2004685971-4226772609-1005UA.job
    [2010/07/20 23:26:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/20 22:48:56 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/20 22:42:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/20 22:41:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/20 22:41:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/20 22:41:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/20 22:41:45 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/20 22:41:07 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\jan\ntuser.dat
    [2010/07/20 22:41:07 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
    [2010/07/20 22:41:07 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
    [2010/07/20 22:41:07 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
    [2010/07/20 22:41:07 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
    [2010/07/20 22:41:07 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000004-20061102}.rfx
    [2010/07/20 22:40:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jan\ntuser.ini
    [2010/07/20 22:40:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/20 22:24:09 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20061102}.CDF
    [2010/07/20 22:24:09 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20061102}.BAK
    [2010/07/19 22:14:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jan\Desktop\OTL.exe
    [2010/07/19 16:57:51 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/19 16:20:02 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\Shortcut to ComboFix.lnk
    [2010/07/19 16:02:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 15:00:25 | 000,000,386 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Google.url
    [2010/07/19 14:21:43 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\OFFICAL TIME.url
    [2010/07/19 13:32:03 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1948461421-2004685971-4226772609-1005Core.job
    [2010/07/18 23:25:24 | 2137,178,112 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/07/18 20:01:49 | 000,013,357 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\larry.url
    [2010/07/18 11:36:35 | 000,082,145 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\RR.url
    [2010/07/18 11:35:58 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\IRIS Seismic Monitor.url
    [2010/07/17 22:16:22 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Wikipedia.url
    [2010/07/17 21:53:34 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\TIFTON WEATHER.url
    [2010/07/17 13:21:42 | 000,006,612 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Woot.url
    [2010/07/15 10:10:49 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Hurricane Center.url
    [2010/07/13 14:08:48 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
    [2010/07/13 14:07:13 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Dell PC TuneUp.lnk
    [2010/07/13 14:02:28 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
    [2010/07/13 13:54:08 | 000,184,326 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
    [2010/07/13 13:52:39 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Dell Printer Home.LNK
    [2010/07/13 13:29:21 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/13 13:29:21 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/13 13:24:46 | 000,003,023 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Yahoo!.url
    [2010/07/13 13:24:00 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Disk Cleaner.lnk
    [2010/07/10 21:19:32 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Audible.url
    [2010/07/08 19:40:41 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/07/08 18:45:57 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\National Mosaic.url
    [2010/07/06 05:04:47 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Facebook.url
    [2010/07/02 06:33:52 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\Google Chrome.lnk
    [2010/07/02 06:33:52 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/06/29 13:07:25 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2010/06/28 09:50:25 | 000,000,205 | ---- | M] () -- C:\Documents and Settings\jan\Desktop\whocalled.us.url
    [2010/06/28 07:43:38 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
    [2010/06/23 07:26:48 | 000,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 07:26:48 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/23 07:26:48 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
    [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
    [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
    [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/06/21 08:09:40 | 000,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat
    [2010/06/21 08:09:40 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml
    [2010/06/17 08:46:00 | 000,025,526 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\iTunes Diagnostics.spx
    [2010/06/17 08:46:00 | 000,002,870 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\iTunes Diagnostics.rtf
    [2010/06/16 08:27:58 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\itunemess.reg
    [2010/06/16 07:31:19 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\stupid itunes mess.reg
    [2010/06/16 03:43:45 | 000,002,234 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\exportfor itunes fix.reg
    [2010/06/11 02:33:33 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/09 10:07:47 | 004,641,568 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\jan\My Documents\R126542.EXE
    [2010/06/09 10:07:00 | 000,156,676 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\INPENUXP.cab
    [2010/06/09 10:02:58 | 003,545,984 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\R98295.EXE
    [2010/06/09 10:02:58 | 001,417,304 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\jan\My Documents\R114566.EXE
    [2010/06/09 10:01:06 | 000,523,404 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\D5150A07.EXE
    [2010/06/09 09:58:10 | 086,069,416 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\R107621a.zip
    [2010/06/09 09:57:14 | 033,713,904 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\R210377.exe
    [2010/06/08 20:50:58 | 000,561,759 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\NECND353_v104C.zip
    [2010/06/08 20:50:11 | 001,412,941 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\Dell Boot Utility - DRMK 12417.zip
    [2010/06/08 20:49:12 | 000,855,224 | ---- | M] () -- C:\Documents and Settings\jan\My Documents\R143730.EXE
    [2010/05/24 19:59:23 | 000,007,429 | -HS- | M] () -- C:\Documents and Settings\jan\Desktop\Folder.jpg
    [2010/05/24 19:59:23 | 000,007,429 | -HS- | M] () -- C:\Documents and Settings\jan\Desktop\AlbumArt_{626DFD9F-BB96-408A-9C8E-30D0C7A87877}_Large.jpg
    [2010/05/24 19:59:23 | 000,002,228 | -HS- | M] () -- C:\Documents and Settings\jan\Desktop\AlbumArtSmall.jpg
    [2010/05/24 19:59:23 | 000,002,228 | -HS- | M] () -- C:\Documents and Settings\jan\Desktop\AlbumArt_{626DFD9F-BB96-408A-9C8E-30D0C7A87877}_Small.jpg

    ========== Files Created - No Company Name ==========

    [2010/07/19 16:20:02 | 000,000,415 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\Shortcut to ComboFix.lnk
    [2010/07/16 10:47:07 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-00000002-00001102-00000004-20061102}.BAK
    [2010/07/16 09:57:12 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\All Users\dleaDiagnostics.log
    [2010/07/13 14:08:48 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
    [2010/07/13 14:07:13 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\jan\Desktop\Dell PC TuneUp.lnk
    [2010/07/13 14:07:02 | 000,938,328 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2010/07/13 14:06:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
    [2010/07/13 14:06:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
    [2010/07/13 14:02:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2010/07/13 13:53:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleavs.dll
    [2010/07/13 13:53:19 | 000,065,106 | ---- | C] () -- C:\WINDOWS\System32\dleaprpr.chm
    [2010/07/13 13:53:18 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleacui.dll
    [2010/07/13 13:53:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleacuir.dll
    [2010/07/13 13:53:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dleagcfg.dll
    [2010/07/13 13:53:17 | 000,008,696 | ---- | C] () -- C:\WINDOWS\System32\dleacommuilogo_rtl.bmp
    [2010/07/13 13:53:17 | 000,008,696 | ---- | C] () -- C:\WINDOWS\System32\dleacommuilogo.bmp
    [2010/07/13 13:52:56 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.dll
    [2010/07/13 13:52:56 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.exe
    [2010/07/13 13:52:39 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Dell Printer Home.LNK
    [2010/07/13 13:52:02 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\DLEAinst.dll
    [2010/07/13 13:52:01 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleainsb.dll
    [2010/07/13 13:52:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleainsr.dll
    [2010/07/13 13:52:01 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleajswr.dll
    [2010/07/13 13:52:00 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleains.dll
    [2010/07/13 13:52:00 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleacu.dll
    [2010/07/13 13:52:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleagrd.dll
    [2010/07/13 13:52:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleacub.dll
    [2010/07/13 13:52:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleacur.dll
    [2010/07/13 13:51:56 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\DLEAcfg.dll
    [2010/07/13 13:51:56 | 000,002,064 | ---- | C] () -- C:\WINDOWS\System32\dlea.loc
    [2010/07/13 13:24:00 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\jan\Application Data\Microsoft\Internet Explorer\Quick Launch\Disk Cleaner.lnk
    [2010/07/08 19:42:44 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/08 19:40:41 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/07/04 01:27:38 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\jan\Desktop\Facebook.url
    [2010/06/29 13:13:39 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/28 07:43:38 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
    [2010/06/21 08:09:40 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat
    [2010/06/21 08:09:40 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml
    [2010/06/17 08:46:00 | 000,025,526 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\iTunes Diagnostics.spx
    [2010/06/16 08:27:58 | 000,002,294 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\itunemess.reg
    [2010/06/16 07:31:19 | 000,002,294 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\stupid itunes mess.reg
    [2010/06/16 06:19:27 | 000,002,870 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\iTunes Diagnostics.rtf
    [2010/06/16 03:43:45 | 000,002,234 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\exportfor itunes fix.reg
    [2010/06/09 10:06:44 | 000,156,676 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\INPENUXP.cab
    [2010/06/09 10:02:35 | 003,545,984 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\R98295.EXE
    [2010/06/09 10:00:50 | 000,523,404 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\D5150A07.EXE
    [2010/06/09 09:55:40 | 033,713,904 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\R210377.exe
    [2010/06/09 09:55:33 | 086,069,416 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\R107621a.zip
    [2010/06/08 20:50:52 | 000,561,759 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\NECND353_v104C.zip
    [2010/06/08 20:49:53 | 001,412,941 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\Dell Boot Utility - DRMK 12417.zip
    [2010/06/08 20:49:07 | 000,855,224 | ---- | C] () -- C:\Documents and Settings\jan\My Documents\R143730.EXE
    [2010/05/29 10:16:32 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\jan\Desktop\National Mosaic.url
    [2010/05/24 19:59:23 | 000,007,429 | -HS- | C] () -- C:\Documents and Settings\jan\Desktop\Folder.jpg
    [2010/05/24 19:59:23 | 000,007,429 | -HS- | C] () -- C:\Documents and Settings\jan\Desktop\AlbumArt_{626DFD9F-BB96-408A-9C8E-30D0C7A87877}_Large.jpg
    [2010/05/24 19:59:23 | 000,002,228 | -HS- | C] () -- C:\Documents and Settings\jan\Desktop\AlbumArtSmall.jpg
    [2010/05/24 19:59:23 | 000,002,228 | -HS- | C] () -- C:\Documents and Settings\jan\Desktop\AlbumArt_{626DFD9F-BB96-408A-9C8E-30D0C7A87877}_Small.jpg
    [2010/01/22 18:12:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
    [2010/01/22 18:12:15 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
    [2008/12/05 11:43:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/11/10 10:37:19 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
    [2008/11/10 10:37:18 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
    [2007/12/08 22:15:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2007/09/14 14:31:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
    [2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
    [2007/02/07 13:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcccoin.dll
    [2006/11/10 11:31:30 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/03/14 11:48:01 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
    [2006/03/01 20:54:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/02/25 06:19:52 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2006/02/25 04:25:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/10/09 08:41:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/10/09 08:32:29 | 000,000,875 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/10/09 08:24:22 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2005/10/09 08:23:55 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
    [2005/10/09 08:23:55 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2005/10/09 08:23:54 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
    [2005/10/09 08:23:28 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2005/10/09 07:57:28 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
    [2005/04/01 12:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
    [2004/09/22 14:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/19 17:20:39 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/19 17:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
    [1998/07/15 22:44:30 | 000,134,656 | ---- | C] () -- C:\WINDOWS\System32\itijpg2.dll

    ========== LOP Check ==========

    [2007/05/10 13:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audible
    [2007/06/10 10:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
    [2007/12/12 15:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/07/13 15:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2007/09/19 16:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2006/02/28 01:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2006/06/23 02:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009/11/08 11:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2007/12/20 14:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/07/20 16:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/08/21 22:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/04/02 08:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2010/04/12 18:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 20:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/28 09:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/07/08 19:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3243856-7746-4A05-8837-51A28C1CDD82}
    [2010/03/26 10:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Aim
    [2006/03/26 22:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Avant Browser
    [2008/08/08 14:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\CCTV
    [2006/03/18 12:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\DAPE
    [2006/03/19 16:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Deepnet Explorer
    [2007/12/15 09:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Earthsim
    [2010/06/16 08:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\ElevatedDiagnostics
    [2006/03/11 16:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\gifuyana.com
    [2006/03/28 20:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\InterTrust
    [2010/07/13 14:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\iolo
    [2006/06/20 09:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Kontiki
    [2006/02/25 13:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Leadertech
    [2006/03/23 15:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\Musicmatch
    [2008/05/16 09:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\OverDrive
    [2008/08/08 14:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\safenetdrm
    [2009/02/12 20:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jan\Application Data\WeatherBug
    [2010/07/20 22:48:56 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
     
  7. 2010/07/21
    jan roberts Inactive Thread Starter
    can't get tfc geeks to go is offline for awhile. or that's what i get when i clicked on it
     
  8. 2010/07/21
    broni Moderator Malware Analyst
    Look at the top menu. You'll see Tools there.

    Proceed with steps from my reply #38.
    Instead of TFC (server is down), run this...

    Download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    Click Exit on the Main menu to close the program.
     
  9. 2010/07/22
    jan roberts Inactive Thread Starter
    broni kaspersky scan showed no threats. report is blank.
     
  10. 2010/07/22
    jan roberts Inactive Thread Starter
    broni the hide protected operating files is checked
     
  11. 2010/07/22
    jan roberts Inactive Thread Starter
    what do i do with otl? still on desktop.
     
  12. 2010/07/22
    broni Moderator Malware Analyst
    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ===============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure, Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please, let me know, how is your computer doing.
     
  13. 2010/07/23
    jan roberts Inactive Thread Starter
    broni
    did the otl clean up and removed the leftovers. did the system restore for some reason it was checked to stop, don't know how or why but got it situated. with new store points.
    i want to thank you very much for being so patient with me i learn how to do a lot of things i never done before. thank you again for all your time and trouble. and windowsbbs is now back to being windowsbbs instead of larry.
     
    Last edited: 2010/07/23
  14. 2010/07/23
    broni Moderator Malware Analyst
    You're very welcome :)
    Good luck and stay safe :)

    ??
     
  15. 2010/07/23
    jan roberts Inactive Thread Starter
    broni i changed the name after the episode with gmer when i could not get into windowsbbs to post and my desktop went crazy. maybe the name change didn't make a bit of difference, but i didn't have any trouble after i changed the name, with getting into windowsbbs and posting.
     
  16. 2010/07/23
    broni Moderator Malware Analyst
    Oh, I see...
     
  17. 2010/07/23
    jan roberts Inactive Thread Starter
    broni how do i mark this solved?
     
  18. 2010/07/23
    broni Moderator Malware Analyst
    You can't in this forum.
    I did it already :)
     
  19. 2010/07/24
    jan roberts Inactive Thread Starter
    thanks loads broni
     
  20. 2010/07/24
    broni Moderator Malware Analyst
    Sure thing :)
     
