[RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus


#1 lobita68
Posted 24 June 2011 - 10:14 PM

Hello again. I just did a factory reset and thought everything would be gone, but I'm still getting hijacked and my shortcuts and other things are getting moved or disappearing. This is happening on my Thinkpad and on my ex-boyfriend's brand new Toshiba. I'm trying to fix mine first, then I'll send the Toshiba data. I've already tried looking for the "%Temp" files, but have had no luck and I'm afraid of making it worse. I may have gotten rid of the virus; if so, I need to figure out which files are missing. Well, you are much more qualified to tell me what it is I need. So, here are my logs. I am aware of the Adware c:\system volume information\_restore{14157744-4fa2-4caf-bafb-72cc49941087}\RP141\A0015473.exe (Adware.PremierOpinion) -> the instructions say not to delete anything, so I left it. I have noticed random ".ini" files popping up in different places. This one is on my desktop:

[LocalizedFileNames]
Windows Media Player.lnk=@C:\WINDOWS\inf\unregmp2.exe,-4

Thanks, yet again!

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-06-24 14:23:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Loba\LOCALS~1\Temp\awlorpod.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6935

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/24/2011 3:15:17 AM
mbam-log-2011-06-24.txt

Scan type: Full scan (C:\|)
Objects scanned: 239999
Time elapsed: 1 hour(s), 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{14157744-4fa2-4caf-bafb-72cc49941087}\RP141\A0015473.exe (Adware.PremierOpinion) -> No action taken.

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-24 14:23:25
-----------------------------
14:23:25.806 OS Version: Windows 5.1.2600 Service Pack 3
14:23:25.806 Number of processors: 1 586 0x209
14:23:25.806 ComputerName: IBM-343C78E359F UserName: Loba
14:23:26.627 Initialize success
14:32:14.316 AVAST engine defs: 11062401
14:35:05.622 Disk 0 (boot) \Device\Harddisk0\DR0 ->
14:35:05.622 Disk 0 Vendor: Size: 35312MB BusType: 0
14:35:07.665 Disk 0 MBR read successfully
14:35:07.665 Disk 0 MBR scan
14:35:07.665 Disk 0 unknown MBR code
14:35:09.678 Disk 0 scanning sectors +72318960
14:35:09.718 Disk 0 scanning C:\WINDOWS\system32\drivers
14:35:50.276 Service scanning
14:35:51.658 Disk 0 trace - called modules:
14:35:51.688 ntoskrnl.exe hal.dll CLASSPNP.SYS disk.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
14:35:51.698 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82e8c7f0]
14:35:51.698 3 CLASSPNP.SYS[f84d7fd7] -> nt!IofCallDriver -> \Device\000000af[0x82e15378]
14:35:51.708 5 ACPI.sys[ba7b7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82e15030]
14:35:53.321 AVAST engine scan C:\WINDOWS
15:19:43.573 AVAST engine scan C:\Documents and Settings\Loba
15:22:02.282 AVAST engine scan C:\Documents and Settings\All Users
15:22:53.236 Scan finished successfully
15:40:10.347 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Loba\Desktop\MBR.dat"
15:40:10.357 The log file has been saved successfully to "C:\Documents and Settings\Loba\Desktop\aswMBR.txt"

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Loba at 15:43:56 on 2011-06-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.111 [GMT -6:00]
.
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.smartestcomputing.us.com/
BHO: AutorunsDisabled - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [TrackPointSrv] tp4serv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
mRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\stickies.lnk - c:\program files\stickies\stickies.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: jpmorgan.com\www.ebtaccount
Trusted Zone: microsoft.com\catalog.update
Trusted Zone: us.com\www.smartestcomputing
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1308650284039
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1308280775089
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1308283387150
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 68.87.85.102
TCP: Interfaces\{DBE962B4-511E-49D3-98F5-D0154EA0C4FC} : DhcpNameServer = 192.168.1.1 68.87.85.102
Notify: AutorunsDisabled - WgaLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\loba\application data\mozilla\firefox\profiles\0a32r6dh.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z020&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z020&form=ZGAADF&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-6-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-6-23 744568]
R1 ASMBATT;ASMBATT;c:\windows\system32\drivers\ASMBATT.SYS [2011-6-16 4864]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-6-21 20216]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-6-23 136312]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2011-6-16 15360]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-6-23 130008]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;c:\windows\system32\drivers\AEIWLNDS.sys [1980-1-1 611328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-18 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110623.002\IDSXpx86.sys [2011-6-24 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110624.002\NAVENG.SYS [2011-6-24 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20110624.002\NAVEX15.SYS [2011-6-24 1542392]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-1-1 22568]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-23 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-23 39984]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-23 366640]
S4 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
.
=============== Created Last 30 ================
.
2011-06-24 02:37:14 -------- d-----w- c:\documents and settings\loba\local settings\application data\Symantec
2011-06-24 00:20:14 -------- d-----w- c:\documents and settings\loba\application data\Malwarebytes
2011-06-24 00:19:33 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-24 00:19:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-24 00:19:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 00:19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 23:53:41 9435312 ----a-w- C:\BAM-setup-1.51.0.1200.exe
2011-06-23 23:17:31 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys
2011-06-23 23:17:31 369784 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys
2011-06-23 23:17:31 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-06-23 23:17:31 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-06-23 23:17:30 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-06-23 23:17:30 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys
2011-06-23 23:17:29 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-06-23 23:17:29 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys
2011-06-23 23:16:31 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-06-23 22:47:41 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-23 22:47:31 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-06-23 22:47:31 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-06-23 22:47:05 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-23 22:46:45 -------- d-----w- c:\windows\system32\drivers\N360
2011-06-23 22:46:42 -------- d-----w- c:\program files\Norton Security Suite
2011-06-23 22:46:03 -------- d-----w- c:\program files\NortonInstaller
2011-06-22 20:39:31 14744 ----a-w- c:\documents and settings\loba\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2011-06-22 14:28:59 -------- d-----w- c:\documents and settings\loba\application data\OpenWith.org Cache
2011-06-22 09:50:34 -------- d-sha-r- C:\cmdcons
2011-06-22 09:46:47 208896 ----a-w- c:\windows\MBR.exe
2011-06-22 09:46:46 98816 ----a-w- c:\windows\sed.exe
2011-06-22 09:46:46 518144 ----a-w- c:\windows\SWREG.exe
2011-06-22 09:46:46 256512 ----a-w- c:\windows\PEV.exe
2011-06-22 09:45:03 -------- d-----w- C:\Fixcombo
2011-06-22 07:43:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-22 07:30:21 -------- d-----w- c:\windows\system32\NtmsData
2011-06-22 07:05:17 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-22 07:00:28 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-22 04:02:54 -------- d-----w- c:\documents and settings\loba\local settings\application data\NPE
2011-06-22 03:36:49 -------- d-----w- c:\windows\LMI245.tmp
2011-06-21 22:18:24 -------- d-----w- c:\documents and settings\loba\application data\ElevatedDiagnostics
2011-06-21 21:03:49 -------- d-----w- c:\program files\Intel Corporation
2011-06-21 18:40:16 -------- d-----w- c:\program files\Lenovo
2011-06-21 16:21:11 -------- d-----w- c:\documents and settings\loba\local settings\application data\Help
2011-06-21 13:01:47 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-06-21 11:47:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 11:47:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-21 11:23:21 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-21 10:48:59 -------- d-----w- c:\program files\HWiNFO32
2011-06-21 09:37:50 731000 ----a-w- c:\documents and settings\loba\application data\microsoft\internet explorer\quick launch\autoruns.exe
2011-06-21 06:13:31 -------- d-----w- c:\program files\Stardock
2011-06-21 05:28:16 -------- d--h--w- c:\windows\PIF
2011-06-21 02:53:51 -------- d-----w- c:\windows\pss
2011-06-20 10:47:53 -------- d-----w- c:\program files\Autoruns.zip
2011-06-20 10:45:44 -------- d-----w- c:\documents and settings\loba\application data\Morpheus PRO
2011-06-20 10:45:41 -------- d-----w- c:\documents and settings\loba\Shared
2011-06-19 18:24:09 -------- d-----w- c:\program files\OpenWith.org Desktop Tool
2011-06-19 09:12:43 -------- d-----w- C:\CCleanerRegBackup
2011-06-19 08:17:05 -------- d-----w- c:\program files\CCleaner
2011-06-19 08:06:23 -------- d-----w- c:\documents and settings\loba\application data\stickies
2011-06-19 08:06:20 592 ----a-w- c:\windows\uninstallstickies.bat
2011-06-19 08:06:19 -------- d-----w- c:\program files\Stickies
2011-06-19 07:10:51 -------- d-----w- c:\documents and settings\loba\AbiSuite
2011-06-19 07:04:03 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-06-19 04:16:46 -------- d-----w- c:\documents and settings\loba\local settings\application data\Identities
2011-06-18 22:21:20 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-06-18 22:21:20 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-18 22:20:58 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-06-18 22:20:00 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-18 22:18:45 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-18 22:12:32 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-06-18 21:28:24 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-18 21:26:40 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-18 21:25:48 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-18 21:25:48 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-18 21:25:48 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-18 21:25:48 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-18 21:25:48 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-18 21:25:48 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-18 21:25:47 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-18 21:25:47 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-18 21:25:46 -------- d-----w- C:\2b68fa987c91c4577670a25d
2011-06-18 20:49:23 -------- d-----w- c:\documents and settings\loba\local settings\application data\WMTools Downloaded Files
2011-06-18 20:10:44 -------- d-----r- C:\N360_BACKUP
2011-06-18 19:06:25 -------- d-----w- c:\windows\system32\scripting
2011-06-18 19:06:10 -------- d-----w- c:\windows\l2schemas
2011-06-18 19:06:05 -------- d-----w- c:\windows\system32\en
2011-06-18 18:41:50 -------- d-----w- c:\windows\network diagnostic
2011-06-18 11:13:55 69120 ------w- c:\windows\system32\wlanapi.dll
2011-06-18 11:13:21 53248 ------w- c:\windows\system32\tsgqec.dll
2011-06-18 11:13:21 50688 ------w- c:\windows\system32\tspkg.dll
2011-06-18 11:11:35 30208 ------w- c:\windows\system32\napipsec.dll
2011-06-18 11:11:35 193024 ------w- c:\windows\system32\napmontr.dll
2011-06-18 11:11:35 176640 ------w- c:\windows\system32\napstat.exe
2011-06-18 11:11:30 79872 ------w- c:\windows\system32\msxml6r.dll
2011-06-18 11:11:30 79872 ------w- c:\windows\system32\dllcache\msxml6r.dll
2011-06-18 11:11:28 1372672 ------w- c:\windows\system32\msxml6.dll
2011-06-18 11:11:28 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
2011-06-18 11:11:15 76800 ------w- c:\windows\system32\msshavmsg.dll
2011-06-18 11:11:14 155136 ------w- c:\windows\system32\mssha.dll
2011-06-18 11:11:02 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
2011-06-18 11:10:53 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
2011-06-18 11:10:00 33792 ------w- c:\windows\system32\mmcperf.exe
2011-06-18 11:09:58 397312 ------w- c:\windows\system32\mmcex.dll
2011-06-18 11:09:58 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2011-06-18 11:09:57 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2011-06-18 11:09:15 37376 ------w- c:\windows\system32\l2gpstore.dll
2011-06-18 11:09:14 61440 ------w- c:\windows\system32\kmsvc.dll
2011-06-18 11:09:12 6144 ------w- c:\windows\system32\kbdpash.dll
2011-06-18 11:09:12 6144 ------w- c:\windows\system32\kbdnepr.dll
2011-06-18 11:09:12 6144 ------w- c:\windows\system32\kbdiultn.dll
2011-06-18 11:09:11 6144 ------w- c:\windows\system32\kbdbhc.dll
2011-06-18 11:08:03 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2011-06-18 11:06:35 136192 ------w- c:\windows\system32\aaclient.dll
2011-06-18 09:40:21 -------- d-----w- c:\documents and settings\loba\application data\Tific
2011-06-18 09:08:37 -------- d-----w- c:\documents and settings\loba\Tracing
2011-06-18 08:48:52 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-06-18 08:48:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-18 08:44:23 -------- d-----w- c:\program files\Microsoft
2011-06-18 08:43:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-06-18 08:42:36 4927864 ----a-w- c:\program files\common files\windows live\.cache\ac6042801cc2d93\Silverlight.2.0.exe
2011-06-18 08:41:20 23510720 ----a-w- c:\program files\common files\windows live\.cache\7f619f201cc2d93\dotnetfx.exe
2011-06-18 08:38:06 74520 ----a-w- c:\program files\common files\windows live\.cache\bd82de01cc2d93\DSETUP.dll
2011-06-18 08:38:06 484632 ----a-w- c:\program files\common files\windows live\.cache\bd82de01cc2d93\DXSETUP.exe
2011-06-18 08:38:06 1670936 ----a-w- c:\program files\common files\windows live\.cache\bd82de01cc2d93\dsetup32.dll
2011-06-18 08:37:47 1013800 ----a-w- c:\program files\common files\windows live\.cache\696a01cc2d93\WindowsXP-KB954708-x86-ENU.exe
2011-06-18 08:37:39 1229688 ----a-w- c:\program files\common files\windows live\.cache\fb356e501cc2d92\wic_x86_enu.exe
2011-06-18 08:32:18 -------- d-----w- c:\program files\common files\Windows Live
2011-06-18 06:03:59 -------- d-----w- c:\documents and settings\loba\application data\IBM
2011-06-18 05:12:46 -------- d-sh--w- c:\documents and settings\loba\IECompatCache
2011-06-18 04:28:56 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-18 03:56:43 -------- d-----w- c:\documents and settings\loba\local settings\application data\Temp
2011-06-18 03:56:43 -------- d-----w- c:\documents and settings\loba\local settings\application data\Adobe
2011-06-18 03:39:34 -------- d-----w- c:\windows\system32\Adobe
2011-06-18 03:14:11 -------- d-----w- c:\windows\system32\LogFiles
2011-06-18 02:48:55 -------- d-----w- c:\windows\system32\appmgmt
2011-06-18 02:43:54 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-06-18 02:31:45 -------- d-----w- c:\documents and settings\loba\local settings\application data\Mozilla
2011-06-18 02:25:13 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-06-18 02:17:14 -------- d-----w- c:\documents and settings\loba\local settings\application data\Apple Computer
2011-06-18 01:32:11 -------- d-----w- c:\documents and settings\loba\local settings\application data\Apple
2011-06-18 00:42:29 -------- d-sh--w- c:\documents and settings\loba\PrivacIE
2011-06-18 00:35:55 -------- d-sh--w- c:\documents and settings\loba\IETldCache
2011-06-18 00:24:33 -------- d-----w- c:\windows\ie8updates
2011-06-18 00:24:04 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-06-18 00:24:03 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-18 00:24:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-18 00:24:03 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-18 00:24:03 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-06-18 00:24:00 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-18 00:24:00 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-06-18 00:21:36 -------- dc-h--w- c:\windows\ie8
2011-06-17 23:37:49 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-17 23:32:30 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-17 23:32:23 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-06-17 23:32:01 357888 ------w- c:\windows\system32\dllcache\srv.sys
2011-06-17 23:30:45 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-06-17 23:30:45 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-06-17 23:30:35 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-06-17 23:28:02 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-06-17 23:26:27 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-06-17 23:22:48 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-06-17 23:22:44 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-06-17 23:21:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-06-17 23:21:30 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-06-17 23:00:20 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2011-06-17 20:02:53 -------- d-----w- c:\windows\peernet
2011-06-17 20:02:48 -------- d-----w- c:\windows\provisioning
2011-06-17 19:52:14 -------- d-----w- c:\windows\ServicePackFiles
2011-06-17 19:33:42 -------- d-----w- c:\windows\EHome
2011-06-17 19:20:14 11264 ------w- c:\windows\system32\spnpinst.exe
2011-06-17 18:33:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-06-17 18:32:53 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-06-17 18:32:53 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-06-17 18:29:42 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-06-17 18:27:50 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-17 18:27:50 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-06-17 18:27:48 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-17 18:22:22 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-06-17 04:53:58 -------- d-----w- c:\documents and settings\loba\application data\Symantec
2011-06-17 04:53:50 -------- d-----w- c:\documents and settings\all users\application data\Symantec
2011-06-17 04:53:49 -------- d-----w- c:\program files\Symantec
2011-06-17 04:53:41 -------- d-----w- c:\program files\common files\Symantec Shared
2011-06-17 04:00:34 1082368 ----a-w- c:\windows\system32\esent.dll
2011-06-17 03:48:34 61440 ----a-w- c:\windows\system32\ASIW32N50.dll
2011-06-17 03:48:34 52800 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-06-17 03:48:34 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-06-17 03:48:34 16302 ----a-w- c:\windows\system32\ASINDIS5.sys
2011-06-17 03:48:34 15577 ----a-w- c:\windows\system32\ASINDIS3.vxd
2011-06-17 03:48:33 -------- d-----w- c:\program files\ASUS
2011-06-17 03:24:32 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2011-06-17 03:24:32 10752 ----a-w- c:\windows\system32\c_iscii.dll
2011-06-17 03:24:31 5632 ----a-w- c:\windows\system32\kbdusa.dll
2011-06-17 03:24:30 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2011-06-17 03:23:21 -------- d-----w- c:\windows\system32\PreInstall
2011-06-17 03:23:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-06-17 03:23:17 -------- d--h--w- c:\windows\$hf_mig$
2011-06-17 03:22:20 -------- d-----w- c:\windows\system32\bits
2011-06-17 03:21:49 8192 ------w- c:\windows\system32\bitsprx2.dll
2011-06-17 03:21:49 7168 ------w- c:\windows\system32\bitsprx3.dll
2011-06-17 03:21:49 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-06-17 03:21:49 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2011-06-17 03:20:26 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-06-17 03:20:26 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-06-17 03:20:25 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-06-17 03:20:25 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-06-17 03:20:25 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-06-17 03:19:33 -------- d-sh--w- c:\documents and settings\loba\UserData
2011-06-17 03:18:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 03:16:15 98354 ----a-w- c:\windows\dla.exe
2011-06-17 03:16:15 82784 ----a-w- c:\windows\system32\drivers\drvmcdb.sys
2011-06-17 03:16:15 61494 ----a-w- c:\windows\system32\tfswapi.dll
2011-06-17 03:16:15 5621 ----a-w- c:\windows\system32\drivers\sscdbhk5.sys
2011-06-17 03:16:15 40400 ----a-w- c:\windows\system32\drivers\drvnddm.sys
2011-06-17 03:16:15 23027 ----a-w- c:\windows\system32\drivers\ssrtln.sys
2011-06-17 03:16:15 -------- d-----w- c:\windows\system32\dla
2011-06-17 03:16:14 -------- d-----w- c:\program files\IBM DLA
2011-06-17 03:16:10 -------- d-----w- c:\program files\VERITAS Software
2011-06-17 03:16:03 -------- d-----w- c:\program files\IBM RecordNow
2011-06-17 03:15:17 -------- d-----w- c:\program files\InterVideo
2011-06-17 03:15:13 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-06-17 03:14:46 -------- d-----w- C:\icons
2011-06-17 03:14:31 -------- d-----w- c:\program files\IBM
2011-06-17 03:14:31 -------- d-----w- c:\documents and settings\all users\application data\ibm
2011-06-17 03:14:01 -------- d-----w- c:\windows\system32\SBUtils
2011-06-17 03:14:01 -------- d-----w- c:\program files\SBApps
2011-06-17 03:12:31 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2011-06-17 03:12:31 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2011-06-17 03:12:30 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2011-06-17 03:08:49 7168 ----a-w- c:\windows\system32\drivers\TSMAPIP.SYS
2011-06-17 03:07:55 8830 ----a-w- c:\windows\system32\drivers\TDSMAPI.SYS
2011-06-17 03:07:55 34816 ----a-w- c:\windows\system32\TP98.CPL
2011-06-17 03:07:54 14848 ----a-w- c:\windows\system32\drivers\SMAPINT.SYS
2011-06-17 03:07:33 4864 ----a-w- c:\windows\system32\drivers\ASMBATT.SYS
2011-06-17 03:07:33 184320 ----a-w- c:\windows\TPBATHLP.EXE
2011-06-17 03:07:33 15360 ----a-w- c:\windows\system32\drivers\TPPWR.SYS
2011-06-17 03:07:08 86016 ----a-w- c:\windows\_tpiu000.exe
2011-06-17 03:05:54 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2011-06-17 03:05:54 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2011-06-17 03:05:54 165888 ----a-w- c:\windows\system32\wuauclt1.exe
2011-06-17 03:03:45 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe
2011-06-17 03:01:27 7168 ----a-w- c:\windows\system32\hccoin.dll
2011-06-17 03:01:20 -------- d-----w- c:\program files\ThinkPad
2011-06-17 02:59:02 -------- d-----w- C:\DRIVERS
2011-06-17 02:50:04 -------- d---a-w- C:\IBMTOOLS
2011-06-06 18:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-21 21:24:00 23552 ----a-w- c:\windows\system32\drivers\ABP480N5.SYS
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 15:45:34.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2011 9:34:16 PM
System Uptime: 6/24/2011 1:19:29 PM (2 hours ago)
.
Motherboard: IBM | | 23893HU
Processor: Intel® Pentium® 4 CPU 2.40GHz | None | 2390/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 20.007 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Fast Ethernet
Device ID: PCI\VEN_14E4&DEV_170D&SUBSYS_05451014&REV_01\4&39A85202&0&00F0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Fast Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_170D&SUBSYS_05451014&REV_01\4&39A85202&0&00F0
Service: b57w2k
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTEAC_DW-224E____________________________B.0A____\5&A0759BB&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TEAC DW-224E
PNP Device ID: IDE\CDROMTEAC_DW-224E____________________________B.0A____\5&A0759BB&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
RP125: 6/18/2011 2:31:42 AM - Software Distribution Service 3.0
RP126: 6/18/2011 5:17:45 AM - Software Distribution Service 3.0
RP127: 6/18/2011 12:13:43 PM - Software Distribution Service 3.0
RP128: 6/18/2011 12:17:13 PM - Software Distribution Service 3.0
RP129: 6/18/2011 2:44:36 PM - Norton Security Suite Registry
RP130: 6/18/2011 3:03:22 PM - Software Distribution Service 3.0
RP131: 6/18/2011 4:11:32 PM - Software Distribution Service 3.0
RP132: 6/18/2011 4:42:05 PM - Software Distribution Service 3.0
RP133: 6/19/2011 2:52:22 AM - Removed NetAssistant
RP134: 6/19/2011 2:54:03 AM - Removed Safari
RP135: 6/19/2011 2:54:49 AM - Removed Windows Live Sync
RP136: 6/19/2011 2:55:09 AM - Removed Windows Live Sign-in Assistant
RP137: 6/19/2011 3:18:06 AM - Software Distribution Service 3.0
RP138: 6/19/2011 11:54:55 AM - Software Distribution Service 3.0
RP139: 6/19/2011 1:40:54 PM - Software Distribution Service 3.0
RP140: 6/19/2011 11:54:38 PM - Installed Windows XP Wdf01005.
RP141: 6/20/2011 6:03:18 AM - Software Distribution Service 3.0
RP142: 6/21/2011 2:54:43 AM - Removed InstallIQ Updater
RP143: 6/21/2011 5:46:10 AM - Installed Java™ 6 Update 26
RP144: 6/21/2011 12:40:58 PM - Installed Windows XP Wdf01007.
RP145: 6/21/2011 3:03:45 PM - Installed Intel® Processor ID Utility
RP146: 6/21/2011 4:09:41 PM - Installed %1 %2.
RP147: 6/21/2011 4:15:32 PM - Installed Microsoft Fix it 50587
RP148: 6/21/2011 8:51:52 PM - Installed Symantec Technical Support Web Controls
RP149: 6/22/2011 1:02:43 AM - Software Distribution Service 3.0
RP150: 6/23/2011 1:43:02 PM - Removed Norton WMI Update
.
==== Installed Programs ======================
.
Access IBM
Access IBM Message Center
Access IBM Tools
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
Agere Systems AC'97 Modem
alm
Apple Application Support
Apple Software Update
ASUS RT-N10+ Wireless Router Utilities
CCleaner
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HWiNFO32 Version 3.82
IBM Access Connections
IBM Access Support - Local Content Pack
IBM DLA
IBM Rapid Restore PC Setup
IBM RecordNow
IBM RecordNow Update Manager
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Presentation Director
IBM TrackPoint Accessibility Features
Intel® Extreme Graphics 2 Driver
Intel® Processor ID Utility
Internet Explorer (Enable DEP)
InterVideo WinDVD
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
LiveReg (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
Norton Security Suite
OpenWith.org 1.0.3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Segoe UI
Stickies 7.1a
swMSM
Symantec Technical Support Web Controls
System Requirements Lab for Intel
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad Software Installer
ThinkPad TrackPoint Driver
TPNala Wallpaper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/24/2011 3:22:04 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/24/2011 3:18:48 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/23/2011 11:02:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1240 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
6/17/2011 9:14:42 PM, error: Service Control Manager [7023] - The DNS Client service terminated with the following error: No protocol sequences have been registered.
6/17/2011 9:14:42 PM, error: dnscache [11004] - Unable to start DNS Client service. Could not start the Remote Procedure Call (RPC) interface for this service. To correct the problem, you may restart the RPC and DNS Client services. To do so, use the following commands at a command prompt: (1) type "net start rpc" to start the RPC service, and (2) type "net start dnscache" to start the DNS Client service. For specific error code information, see the record data displayed below.
6/17/2011 5:04:29 PM, error: SAVRT [20] -
6/17/2011 5:01:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SymWSC service.
.
==== End Of File ===========================
{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}


#2 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 05:37 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 57d 9h 20m 43s

Posted 24 June 2011 - 11:03 PM

c:\system volume information\_restore{14157744-4fa2-4caf-bafb-72cc49941087}\RP141\A0015473.exe (Adware.PremierOpinion)

This particular item is located in one of your restore points, so you can safely fix it by re-running MBAM.
I'm curious though how it got there. Maybe some leftover from previous installation.

As for redirection...
Was your computer physically connected to the net while you were performing the factory restore?

Then, your router may be infected.

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pressing it with a pencil or a paperclip until all the lights briefly go off and come back on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

#3 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 25 June 2011 - 01:02 AM

So, if my router is infected:
1) Can my DSL modem (connected directly to the router), Playstation 3, and all other computers that use the wireless internet in my home get infected?
2) Do I reset the router before I start cleaning the computers?

Thanks


#4 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 25 June 2011 - 02:01 AM

Malwarebytes won't find the corrupted file now, even in safe mode. What can I do? I tried to do find (file name) and it shut me down.


#5 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 25 June 2011 - 02:04 AM

Don't worry about it.

Go ahead with router reset.

#6 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 12:49 AM

It took me a minute to get the router reset and my computer configured, but it's done now. I want to start running scans on the Toshiba, but my computer won't let me do anything. I keep getting an error saying I don't have sufficient system resources. I can't copy or move files. I'm going to go through my services. Do you have any other ideas? Thanks


#7 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 12:54 AM

See how much free hard drive space you have.

#8 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 03:04 AM

14.6GB Used; 19.8 Free. Should I run disk cleanup? Also, just a weird little thing: It seems like I'm using a different registry every time I boot up. I lose my graphics, different files or applications, etc. Is there a scan that can shed any light on this occurrence? Thanks


#9 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 03:33 AM

We'll try to see what's going on...

You never said if resetting the router helped any.

Also...

Quote: "Was your computer physically connected to the net while you were performing the factory restore?"


#10 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 03:52 AM

I believe it helped considerably. I'm sorry if I forgot to thank you for that advice. I don't know if the corrupt item is still in restore or not, though. Malwarebytes wouldn't find it again after the first time, even though I didn't physically delete it. Wireless was on when I did the factory reset, but I wasn't physically connected through the ethernet cable. I couldn't even boot when I did the reset. Since I have no discs, I felt it was my only option. You know how badly my IS was infected. Now, the only problem seems to be that my system is unstable. It's like I'm logging on to a different computer each time I reboot. My settings don't seem to "stick" once I power down. I've been having trouble accessing a lot of things, too, even though I'm administrator. Thanks


#11 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 04:44 AM

One more question before we proceed.
When you reset the router, did the redirection stop for other computers?

#12 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 05:03 AM

So far it seems like there is no redirection on either computer. I haven't done any scans on the Toshiba yet to see if the programs are working, because I figured it was best to finish one thing at a time. Internet seems okay, though. Thanks


#13 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 05:10 AM

Very well. I'm pretty sure the router was the main culprit for the other computers' issues.

Let's continue to check this computer.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

===============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
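The Rootkit Unhooker report requested above lists every loaded kernel module with its base address, size and, when the file could be identified, its vendor and description. Reviewing a few hundred such lines by eye is slow, so here is an added triage helper (example code written for this thread, not code from the forum, from RkU or from ComboFix) that parses the report format and lists the entries a reviewer would look at first: modules with no on-disk path and no vendor information that do not share a base address with an identified image (RkU prints kernel pseudo-modules such as PnpManager, RAW, WMIxWDM and ACPI_HAL at the same base as the real image, so those are not flagged), on-disk files with no vendor information, and drivers loaded from outside the usual locations. The list of expected locations is an assumption for this example, and the sample report embeds a few lines copied from the thread plus one constructed entry; a flagged entry only means "identify this first", as the thread's own unnamed Symantec drivers show.

```python
"""Triage helper for a Rootkit Unhooker (RkU) ">Drivers" report.

Added example for this thread; it is not code from the forum, from the
RkU tool or from ComboFix. It reads report lines in the format the tool
prints, e.g.

    0xBA5AA000 SYMEFA.SYS 765952 bytes
    0xEF8EF000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

The list of expected locations and the sample report at the bottom are
assumptions made for the example, not something RkU itself checks.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# base address, module name or path, size, optional "(vendor, description)"
LINE_RE = re.compile(
    r"^(0x[0-9A-Fa-f]{8})\s+(.+?)\s+(\d+)\s+bytes(?:\s+\((.*)\))?$"
)

# Where drivers on this XP machine normally load from (assumption).
# The third entry covers the AV definition drivers seen in the thread.
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\documents and settings\\all users\\application data\\",
)


@dataclass
class DriverEntry:
    base: int
    module: str            # bare name (e.g. "RAW") or full on-disk path
    size: int
    vendor: Optional[str]  # text inside the trailing parentheses, if any


@dataclass
class Finding:
    base: int
    module: str
    reason: str


def parse_rku_drivers(report: str) -> List[DriverEntry]:
    """Return one DriverEntry per module line; headers and separators are skipped."""
    entries = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        base, module, size, vendor = m.groups()
        entries.append(DriverEntry(int(base, 16), module, int(size), vendor))
    return entries


def has_path(module: str) -> bool:
    return "\\" in module


def review(entries: List[DriverEntry]) -> List[Finding]:
    """Flag entries that lack identification or load from an unusual place.

    Kernel pseudo-modules share the base address of the image they belong
    to, so an unidentified entry is only interesting when nothing else at
    that base address was identified.
    """
    by_base: Dict[int, List[DriverEntry]] = defaultdict(list)
    for e in entries:
        by_base[e.base].append(e)

    findings = []
    for e in entries:
        identified_sibling = any(o.vendor for o in by_base[e.base] if o is not e)
        if e.vendor is None and not identified_sibling:
            reason = ("on-disk file carries no vendor/version info: verify its signature"
                      if has_path(e.module)
                      else "no on-disk path and no vendor info: locate the file first")
            findings.append(Finding(e.base, e.module, reason))
        elif has_path(e.module) and not e.module.lower().startswith(EXPECTED_PREFIXES):
            findings.append(Finding(e.base, e.module, "loaded from an unusual location"))
    return findings


# Constructed sample: the first six module lines are copied from the report in
# this thread, the last one is made up to show the location check.
SAMPLE_REPORT = r"""
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0xBA5AA000 SYMEFA.SYS 765952 bytes
0xEF546000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xEF8EF000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEE000000 C:\Temp\constructed_example.sys 20480 bytes (Example Vendor, constructed test entry)
"""

if __name__ == "__main__":
    for f in review(parse_rku_drivers(SAMPLE_REPORT)):
        print(f"0x{f.base:08X} {f.module}: {f.reason}")
```

Run it against a saved RkU report by passing the file contents to parse_rku_drivers; on the sample above it reports SYMEFA.SYS (no path, no vendor), dump_atapi.sys (on disk, no vendor) and the constructed C:\Temp driver (unusual location), while the kernel aliases at ntoskrnl's base address stay quiet.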

#14 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 05:53 AM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xEE2C1000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110626.002\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
0xF8281000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 1400832 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7EEB000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1171456 bytes (Agere Systems, SoftModem Device Driver)
0xBF07C000 C:\WINDOWS\System32\ialmdd5.DLL 978944 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xEF586000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx86.sys 827392 bytes (Symantec Corporation, BASH Driver)
0xBA5AA000 SYMEFA.SYS 765952 bytes
0xF81AE000 C:\WINDOWS\System32\DRIVERS\AEIWLNDS.sys 634880 bytes (Actiontec Electronics, Inc, PRISM Wireless NDIS 5.1 Driver)
0xF806D000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBA4F2000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEE438000 C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)
0xF8132000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xEF78C000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEF66E000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF7D75000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEF895000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110624.050\IDSxpx86.sys 368640 bytes (Symantec Corporation, IDS Core Driver)
0xEF93B000 C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0xEF994000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEEA86000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBA677000 SYMDS.SYS 356352 bytes
0xBF16B000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEEBCE000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 233472 bytes (Intel Corporation, Component GHAL Driver)
0xF7DD3000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xBA7B1000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEEC37000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xBA4C5000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBA6EE000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xEE146000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEF7FC000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF86D000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEF8EF000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEF915000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0xEE171000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xEF827000 C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
0xF8049000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF8249000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF80FB000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEF84B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA6CE000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBA763000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEF650000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xBA782000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xBA4AB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xBA71A000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF8009000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xBA733000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEF546000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xBA74B000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xEF35F000 C:\WINDOWS\system32\dla\tfsnudfa.sys 98304 bytes (VERITAS Software, Inc., Direct Access Component)
0xBA57F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7EB4000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEF377000 C:\WINDOWS\system32\dla\tfsnudf.sys 94208 bytes (VERITAS Software, Inc., Direct Access Component)
0xEF0F2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xBA596000 drvmcdb.sys 81920 bytes (VERITAS Software, Inc., Device Driver)
0xEE2AD000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110626.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xF811E000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF826D000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EF000 ACPI_HAL 81152 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xEF9ED000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBA665000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xBA7A0000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7E03000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF86C7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF83D7000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF85A7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8597000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEF446000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8637000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF84B7000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF8487000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xEF74C000 C:\WINDOWS\system32\dla\tfsnifs.sys 57344 bytes (VERITAS Software, Inc., Direct Access Component)
0xF8517000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8417000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF85B7000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8477000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF83F7000 C:\WINDOWS\System32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF84F7000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF84E7000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF85D7000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8547000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF8577000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF8557000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF8567000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF86A7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF83E7000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8467000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF85C7000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8697000 C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0xF8537000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7E24000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (VERITAS Software, Inc., Device Driver Manager)
0xF8457000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8617000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF84D7000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF84A7000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF8527000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF85F7000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8407000 C:\WINDOWS\System32\DRIVERS\tp4track.sys 40960 bytes (Lenovo Group Limited, PS/2 TrackPoint Mouse Filter Driver)
0xEE106000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8507000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8427000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF85E7000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8657000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF8497000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xEF72C000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (VERITAS Software, Inc., Direct Access Component)
0xF84C7000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF8647000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8847000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF878F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF87AF000 C:\WINDOWS\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0xF8707000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF8717000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF879F000 C:\WINDOWS\System32\drivers\Tppwr.sys 32768 bytes (IBM Corp., IBM ThinkPad Power Management Device Driver)
0xF881F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF86EF000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF8837000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8777000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF873F000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF86D7000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8737000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF870F000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xEF526000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF871F000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF8727000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF883F000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF8827000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF882F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF876F000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (VERITAS Software, Inc., Shared Driver Component)
0xF87A7000 C:\WINDOWS\System32\drivers\TDSMAPI.SYS 24576 bytes
0xF8807000 C:\WINDOWS\system32\dla\tfsnboio.sys 24576 bytes (VERITAS Software, Inc., Direct Access Component)
0xF8797000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 24576 bytes
0xF8817000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF877F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF872F000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF875F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF86FF000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF86F7000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF8787000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF86DF000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8857000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF885F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF86E7000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF884F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF87D7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF887B000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF888B000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF886F000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8893000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xBA47B000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8877000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF8883000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xBA402000 C:\Program Files\HWiNFO32\HWiNFO32.SYS 16384 bytes (REALiX™, HWiNFO32 Kernel Driver)
0xBA477000 C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys 16384 bytes (Lenovo., ThinkPad Power Management Driver)
0xF888F000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xBA43A000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEF3A2000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8897000 PxHelp20.sys 16384 bytes (VERITAS Software, Inc., PxHelper Device Driver for Windows 2000)
0xF887F000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xEF4C6000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (VERITAS Software, Inc., Direct Access Component)
0xF8873000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8887000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF8867000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF886B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7D61000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8943000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA463000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF894B000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF895B000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF89A7000 C:\WINDOWS\System32\drivers\ASMBATT.SYS 8192 bytes (Quanta Computer,Inc., Battery Information Driver)
0xF899D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8965000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF8963000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF89A9000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF899B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF895D000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8957000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF899F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF89ED000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8967000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF89FB000 C:\WINDOWS\system32\drivers\PMEMNT.SYS 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xF89A1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8995000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (VERITAS Software, Inc., Shared Driver Component)
0xF8997000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF89C1000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (VERITAS Software, Inc., Direct Access Component)
0xF895F000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF8999000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8961000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8959000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8AB4000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8A6E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8B9C000 C:\WINDOWS\System32\drivers\IBMBLDID.SYS 4096 bytes
0xF8B15000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8A20000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8A1F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8B7F000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (VERITAS Software, Inc., Direct Access Component)
0xF8B6A000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (VERITAS Software, Inc., Direct Access Component)
==============================================
>Stealth
==============================================


ComboFix 11-06-26.01 - Loba 06/26/2011 23:32:08.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.228 [GMT -6:00]
Running from: c:\documents and settings\Loba\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))
.
.
2011-06-27 02:42 . 2011-06-27 02:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2011-06-26 03:18 . 2006-11-29 03:46 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-06-26 03:18 . 2006-11-29 03:46 52800 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2011-06-25 01:36 . 2011-06-25 01:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-06-24 00:19 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-24 00:19 . 2011-06-24 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-24 00:19 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 00:19 . 2011-06-24 00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 23:53 . 2011-06-23 23:54 9435312 ----a-w- C:\BAM-setup-1.51.0.1200.exe
2011-06-23 22:47 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-23 22:47 . 2011-06-23 23:17 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-06-23 22:47 . 2011-06-23 23:17 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-06-23 22:47 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-23 22:46 . 2011-06-23 23:27 -------- d-----w- c:\windows\system32\drivers\N360
2011-06-23 22:46 . 2011-06-23 22:46 -------- d-----w- c:\program files\Norton Security Suite
2011-06-23 22:46 . 2011-06-23 22:46 -------- d-----w- c:\program files\NortonInstaller
2011-06-23 02:00 . 2011-06-23 02:01 -------- d-----w- c:\documents and settings\Addie
2011-06-22 09:45 . 2011-06-22 09:45 -------- d-----w- C:\Fixcombo
2011-06-22 07:43 . 2011-06-22 07:43 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-22 07:30 . 2011-06-27 05:00 -------- d-----w- c:\windows\system32\NtmsData
2011-06-22 07:05 . 2011-06-22 07:05 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-22 07:00 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-22 07:00 . 2011-06-27 00:55 -------- d-----w- c:\documents and settings\Danny
2011-06-22 03:37 . 2011-06-22 03:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-06-22 03:36 . 2011-06-22 06:59 -------- d-----w- c:\windows\LMI245.tmp
2011-06-21 21:15 . 2011-06-21 21:15 -------- d-----w- c:\program files\Intel
2011-06-21 18:40 . 2011-06-21 18:40 -------- d-----w- c:\program files\Lenovo
2011-06-21 13:01 . 2006-02-07 14:35 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-06-21 11:48 . 2011-06-21 11:48 -------- d-----w- c:\program files\Common Files\Java
2011-06-21 11:47 . 2011-06-21 11:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 11:47 . 2011-06-21 11:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-21 11:46 . 2011-06-21 11:46 -------- d-----w- c:\program files\Java
2011-06-21 11:23 . 2011-06-21 11:23 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-21 10:48 . 2011-06-21 10:49 -------- d-----w- c:\program files\HWiNFO32
2011-06-21 06:13 . 2011-06-27 02:41 -------- d-----w- c:\program files\Stardock
2011-06-21 05:28 . 2011-06-21 05:28 -------- d--h--w- c:\windows\PIF
2011-06-21 03:10 . 2011-06-21 03:10 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-06-21 02:42 . 2011-06-21 02:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-06-21 02:38 . 2011-06-21 02:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-06-20 10:47 . 2011-06-21 02:40 -------- d-----w- c:\program files\Autoruns.zip
2011-06-20 01:37 . 2011-04-11 20:38 731000 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\autoruns.exe
2011-06-19 18:24 . 2011-06-24 20:02 -------- d-----w- c:\program files\OpenWith.org Desktop Tool
2011-06-19 09:12 . 2011-06-22 09:30 -------- d-----w- C:\CCleanerRegBackup
2011-06-19 08:17 . 2011-06-19 09:11 -------- d-----w- c:\program files\CCleaner
2011-06-19 08:06 . 2011-06-19 08:06 592 ----a-w- c:\windows\uninstallstickies.bat
2011-06-19 08:06 . 2011-06-19 08:06 -------- d-----w- c:\program files\Stickies
2011-06-19 07:04 . 2011-06-21 08:55 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-06-19 07:02 . 2011-06-19 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-06-18 23:28 . 2011-06-18 23:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-06-18 22:21 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-06-18 22:21 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-18 22:20 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-06-18 22:20 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-18 22:18 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-18 22:12 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-06-18 21:28 . 2011-06-18 21:28 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-18 21:28 . 2011-06-18 21:28 -------- d-----w- c:\program files\MSBuild
2011-06-18 21:27 . 2011-06-18 21:27 -------- d-----w- c:\program files\Reference Assemblies
2011-06-18 21:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-18 21:25 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-18 21:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-18 21:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-18 21:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-18 21:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-18 21:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-18 21:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-18 21:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-18 21:25 . 2011-06-18 21:26 -------- d-----w- C:\2b68fa987c91c4577670a25d
2011-06-18 20:10 . 2011-06-26 23:22 -------- d-----r- C:\N360_BACKUP
2011-06-18 19:06 . 2011-06-18 19:06 -------- d-----w- c:\windows\system32\scripting
2011-06-18 19:06 . 2011-06-18 19:06 -------- d-----w- c:\windows\l2schemas
2011-06-18 19:06 . 2011-06-18 19:06 -------- d-----w- c:\windows\system32\en
2011-06-18 11:13 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2011-06-18 11:13 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
2011-06-18 11:13 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2011-06-18 11:11 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2011-06-18 11:11 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2011-06-18 11:11 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2011-06-18 11:11 . 2008-04-13 17:27 79872 ------w- c:\windows\system32\msxml6r.dll
2011-06-18 11:11 . 2008-04-13 17:27 79872 ------w- c:\windows\system32\dllcache\msxml6r.dll
2011-06-18 11:11 . 2009-07-31 16:05 1372672 ------w- c:\windows\system32\msxml6.dll
2011-06-18 11:11 . 2009-07-31 16:05 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
2011-06-18 11:11 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2011-06-18 11:11 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2011-06-18 11:11 . 2007-04-02 18:42 1327320 ------w- c:\program files\MSN\msncorefiles\install\msnsusii.exe
2011-06-18 11:10 . 2007-04-02 18:39 11053008 ------w- c:\program files\MSN\msncorefiles\install\msn9components\msncli.exe
2011-06-18 11:10 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2011-06-18 11:09 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2011-06-18 11:09 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2011-06-18 11:09 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2011-06-18 11:09 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2011-06-18 11:09 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2011-06-18 11:09 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2011-06-18 11:09 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2011-06-18 11:09 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2011-06-18 11:09 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2011-06-18 11:08 . 2008-04-13 16:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2011-06-18 11:06 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2011-06-18 09:02 . 2011-06-18 19:52 -------- d-----w- c:\program files\Microsoft Silverlight
2011-06-18 08:48 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-06-18 08:32 . 2011-06-18 08:32 -------- d-----w- c:\program files\Common Files\Windows Live
2011-06-18 04:28 . 2011-06-18 04:28 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-18 04:26 . 2011-06-18 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-18 03:43 . 2011-06-18 03:45 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-18 03:39 . 2011-06-18 03:39 -------- d-----w- c:\windows\system32\Adobe
2011-06-18 03:14 . 2011-06-18 04:26 -------- d-----w- c:\windows\system32\LogFiles
2011-06-18 02:58 . 2011-06-23 22:47 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-18 02:57 . 2011-06-19 01:45 -------- d-----w- c:\program files\Windows Sidebar
2011-06-18 02:25 . 2011-06-23 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-06-18 01:32 . 2011-06-18 01:32 -------- d-----w- c:\program files\Common Files\Apple
2011-06-18 01:32 . 2011-06-18 01:32 -------- d-----w- c:\program files\Apple Software Update
2011-06-18 01:32 . 2011-06-18 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-06-18 00:37 . 2011-06-18 00:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-06-18 00:24 . 2011-04-25 16:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-06-18 00:24 . 2011-04-25 16:11 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-18 00:24 . 2011-04-25 16:11 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-18 00:24 . 2011-04-25 16:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-18 00:24 . 2011-04-25 16:11 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-06-18 00:24 . 2011-04-26 16:11 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-06-18 00:24 . 2011-04-25 16:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-18 00:21 . 2011-06-18 00:23 -------- dc-h--w- c:\windows\ie8
2011-06-17 23:37 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-17 23:32 . 2011-04-29 16:19 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-17 23:32 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-06-17 23:32 . 2011-02-17 13:18 357888 ------w- c:\windows\system32\dllcache\srv.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 21:24 . 2002-09-27 01:08 23552 ----a-w- c:\windows\system32\drivers\ABP480N5.SYS
2011-05-02 15:31 . 2002-09-27 00:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 1980-01-01 07:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 1980-01-01 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 1980-01-01 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 1980-01-01 07:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 16:26 . 2011-06-18 01:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 88107]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-02-17 20480]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-11-08 106551]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TrackPointSrv"="tp4serv.exe" [2002-12-03 87552]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-02-07 77824]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2003-02-17 32835]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-01-25 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-12-24 204800]
.
c:\documents and settings\Danny\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\documents and settings\Loba\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-6-19 1122304]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [6/23/2011 5:17 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [6/23/2011 5:17 PM 744568]
R1 ASMBATT;ASMBATT;c:\windows\system32\drivers\ASMBATT.SYS [6/16/2011 9:07 PM 4864]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 1:56 AM 810616]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [6/21/2011 4:49 AM 20216]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [6/23/2011 5:17 PM 136312]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [6/16/2011 9:07 PM 15360]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [6/23/2011 5:16 PM 130008]
R3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;c:\windows\system32\drivers\AEIWLNDS.sys [1/1/1980 1:00 AM 611328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/18/2011 12:35 AM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110624.050\IDSXpx86.sys [6/25/2011 8:07 PM 355256]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1/1/1980 1:00 AM 22568]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/23/2011 6:19 PM 22712]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/23/2011 6:19 PM 366640]
S4 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BlackBox
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-06-27 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2011-06-17 08:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.smartestcomputing.us.com/
Trusted Zone: jpmorgan.com\www.ebtaccount
Trusted Zone: microsoft.com\catalog.update
Trusted Zone: us.com\www.smartestcomputing
TCP: DhcpNameServer = 192.168.1.1 68.87.85.102
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Loba\Application Data\Mozilla\Firefox\Profiles\0a32r6dh.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z020&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z020&form=ZGAADF&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-26 23:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDockFree\DockShellHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-26 23:47:14
ComboFix-quarantined-files.txt 2011-06-27 05:47
ComboFix2.txt 2011-06-22 10:14
.
Pre-Run: 21,532,454,912 bytes free
Post-Run: 21,526,978,560 bytes free
.
- - End Of File - - 2D2823E79DC52A56E607C8A6634D90AE
{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}


#15 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus


Posted 27 June 2011 - 03:02 PM

Both look good....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
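
OTL.txt is line-oriented with a fixed format per entry type, which is what makes it readable at a glance for a helper. The script below is an added example, not code from OTL, OldTimer or either poster: it parses those line formats (PRC/MOD/SRV/DRV, O4 Run keys, O15 Trusted Domains, the IE and Firefox start pages) and pulls out what a helper scans for first; its sample lines are constructed from the OTL.txt posted later in this thread.

```python
"""Triage helper for OTL.txt logs (added example, not OldTimer's code).

OTL writes one entry per line in fixed formats.  This parses the entry
types a helper reads first and reports what deserves a second look:
autostarts with no company name, entries whose file or registry key is
gone, Trusted-sites additions and the start pages a redirect infection
typically rewrites.  Each item is a prompt for review, not a verdict.
"""
import re
from typing import Dict, Iterable, List, NamedTuple

# PRC/MOD/SRV/DRV entries, e.g.
# DRV - [2011/06/24 01:46:03 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\...\NAVEX15.SYS -- (NAVEX15)
# The company field can itself contain parentheses, hence the lazy match.
MODULE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<meta>[^\]]*)\] \((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<target>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)
# O4 Run-key entries, e.g. O4 - HKLM..\Run: [BMMLREF] C:\...\BMMLREF.EXE ()
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*) \((?P<company>[^)]*)\)$"
)
# O15 entries, e.g. O15 - HKU\S-1-5-21-...\..Trusted Domains: us.com ([www.smartestcomputing] http in Trusted sites)
TRUSTED_RE = re.compile(
    r"^O15 - \S+?\\\.\.Trusted Domains: (?P<domain>[^\s(]*) ?"
    r"\(\[(?P<host>[^\]]*)\] ?(?P<scheme>\S+) in (?P<zone>[^)]+)\)$"
)
IE_START_RE = re.compile(r"^IE - (?P<hive>.+?)\\Main,Start Page = (?P<url>\S+)$")
FF_HOME_RE = re.compile(r'^FF - prefs\.js\.\.browser\.startup\.homepage: "(?P<url>[^"]*)"$')
# Markers OTL prints when an entry's file or registry key no longer exists.
ORPHAN_MARKERS = ("File not found", "Reg Error", "No CLSID value found")


class Finding(NamedTuple):
    category: str  # what kind of thing was spotted
    detail: str    # the path, domain or URL involved
    line: str      # the original log line, for the reviewer


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every OTL line through the checks above and collect findings."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if any(marker in line for marker in ORPHAN_MARKERS):
            # Autostart, handler or DPF record that points at nothing.
            findings.append(Finding("orphaned entry", line.split(" - ", 1)[-1], line))
            continue
        m = MODULE_RE.match(line) or RUN_RE.match(line)
        if m:
            if not m.group("company").strip():
                # Empty "()" means OTL found no company name in the binary.
                findings.append(Finding("no company name", m.group("target"), line))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            if m.group("zone") == "Trusted sites":
                # Trusted sites runs with relaxed IE security; list each addition.
                site = ".".join(p for p in (m.group("host"), m.group("domain")) if p)
                findings.append(Finding("trusted zone", f"{m.group('scheme')}://{site}", line))
            continue
        m = IE_START_RE.match(line) or FF_HOME_RE.match(line)
        if m:
            findings.append(Finding("start page", m.group("url"), line))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample: a dozen lines lifted from the OTL.txt posted in this thread.
SAMPLE_LOG = r"""
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2003/02/24 03:06:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
DRV - [2006/11/28 21:46:28 | 000,052,800 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2003/02/13 02:33:00 | 000,008,830 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
IE - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartestcomputing.us.com/
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...020&form=ZGAPHP"
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: us.com ([www.smartestcomputing] http in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\AutorunsDisabled\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.category}] {f.detail}")
```

Run it against a real OTL.txt with `triage(open("OTL.txt").readlines())`; entries with an empty company field are worth checking against the vendor's file list before anything is removed, since OEM utilities (the ThinkPad tools above, for instance) often ship without version resources.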


#16 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus


Posted 27 June 2011 - 06:07 PM

OTL logfile created on: 6/27/2011 11:55:56 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Loba\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 148.44 Mb Available Physical Memory | 29.54% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 72.26% Paging File free
Paging file location(s): C:\pagefile.sys 753 753 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.48 Gb Total Space | 20.08 Gb Free Space | 58.22% Space Free | Partition Type: NTFS

Computer Name: IBM-343C78E359F | User Name: Loba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/27 11:53:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loba\Desktop\OTL.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/02/24 03:06:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2003/02/17 01:30:48 | 000,032,835 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe


========== Modules (SafeList) ==========

MOD - [2011/06/27 11:53:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loba\Desktop\OTL.exe
MOD - [2011/04/28 18:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\asoehook.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2003/02/24 03:06:00 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/06/24 01:46:03 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110626.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/24 01:46:03 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110626.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/23 17:17:35 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/06/20 08:53:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/17 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/16 01:56:18 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/06/02 19:08:20 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110624.050\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/22 22:51:26 | 000,020,216 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2011/03/30 21:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 18:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 20:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 19:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/28 21:46:28 | 000,052,800 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/08/03 23:41:35 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/24 03:06:00 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003/02/17 13:22:24 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/02/17 02:33:00 | 000,015,360 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2003/02/14 12:59:14 | 001,169,792 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/02/13 02:33:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2003/02/13 02:33:00 | 000,008,830 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2003/02/06 03:12:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2003/01/24 15:02:14 | 000,004,864 | ---- | M] (Quanta Computer,Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASMBATT.SYS -- (ASMBATT)
DRV - [2002/09/23 20:16:50 | 000,611,328 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [2002/09/19 19:41:28 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001/08/17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartestcomputing.us.com/
IE - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...020&form=ZGAPHP"
FF - prefs.js..keyword.URL: "http://www.bing.com/...0&form=ZGAADF="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/24 03:19:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/06/23 17:16:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/17 19:28:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/17 20:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loba\Application Data\Mozilla\Extensions
[2011/06/20 05:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Loba\Application Data\Mozilla\Firefox\Profiles\0a32r6dh.default\extensions
[2011/06/20 05:47:50 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Mozilla\Firefox\Profiles\0a32r6dh.default\searchplugins\bing-zugo.xml
[2011/06/17 23:35:49 | 000,002,152 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Mozilla\Firefox\Profiles\0a32r6dh.default\searchplugins\qrobeit.xml
[2011/06/21 05:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/21 05:48:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/23 17:16:31 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN
[2011/06/24 03:19:04 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2011/06/21 05:46:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/19 13:44:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 10:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/06/21 11:26:02 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Danny\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: jpmorgan.com ([www.ebtaccount] http in Trusted sites)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: microsoft.com ([catalog.update] http in Trusted sites)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: us.com ([www.smartestcomputing] http in Trusted sites)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1308650284039 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1308280775089 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1308283387150 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.85.102
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\AutorunsDisabled\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Loba\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Loba\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 11:53:33 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Loba\Desktop\OTL.exe
[2011/06/26 23:59:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/26 23:27:20 | 004,126,959 | R--- | C] (Swearware) -- C:\Documents and Settings\Loba\Desktop\ComboFix.exe
[2011/06/26 20:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\ODUI
[2011/06/26 20:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Stardock
[2011/06/26 20:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\Stardock
[2011/06/26 20:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Stardock
[2011/06/26 20:42:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2011/06/26 20:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stardock
[2011/06/26 20:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\PackageAware
[2011/06/26 18:33:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Loba\Recent
[2011/06/26 17:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\Ebackup
[2011/06/25 21:18:23 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50a64.sys
[2011/06/25 21:18:22 | 000,052,800 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50.sys
[2011/06/25 21:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ASUS Utility
[2011/06/25 21:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\InstallShield
[2011/06/23 20:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Symantec
[2011/06/23 18:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Malwarebytes
[2011/06/23 18:19:33 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/23 18:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/23 18:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/23 18:19:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/23 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/23 17:53:41 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\BAM-setup-1.51.0.1200.exe
[2011/06/23 17:17:31 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys
[2011/06/23 17:17:31 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys
[2011/06/23 17:17:31 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys
[2011/06/23 17:17:31 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys
[2011/06/23 17:17:30 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys
[2011/06/23 17:17:30 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/06/23 17:17:29 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/06/23 17:17:29 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys
[2011/06/23 17:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D
[2011/06/23 16:47:31 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/06/23 16:47:31 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/06/23 16:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/06/23 16:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2011/06/23 16:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
[2011/06/23 16:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/06/22 08:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\OpenWith.org Cache
[2011/06/22 04:35:18 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Loba\My Documents\My Stationery
[2011/06/22 03:50:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/22 03:46:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/22 03:46:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/22 03:46:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/22 03:46:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/22 03:45:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/22 03:45:03 | 000,000,000 | ---D | C] -- C:\Fixcombo
[2011/06/22 01:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\MrFixit
[2011/06/22 01:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\Scans
[2011/06/22 01:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\Logs
[2011/06/22 01:43:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/06/22 01:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/06/22 01:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/06/21 22:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\NPE
[2011/06/21 21:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2011/06/21 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\ElevatedDiagnostics
[2011/06/21 16:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/06/21 16:09:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/06/21 15:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/06/21 12:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2011/06/21 11:26:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2011/06/21 10:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Help
[2011/06/21 10:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Help
[2011/06/21 05:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/21 05:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/21 05:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/21 05:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Sun
[2011/06/21 05:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/06/21 04:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HWiNFO32
[2011/06/21 04:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32
[2011/06/21 03:37:50 | 000,731,000 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\autoruns.exe
[2011/06/21 00:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/06/21 00:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
[2011/06/20 23:28:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/06/20 20:53:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/20 20:37:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/20 16:46:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/20 04:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Autoruns.zip
[2011/06/20 04:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Morpheus PRO
[2011/06/20 04:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Shared
[2011/06/19 12:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenWith.org Desktop Tool
[2011/06/19 12:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\OpenWith.org Desktop Tool
[2011/06/19 03:12:43 | 000,000,000 | ---D | C] -- C:\CCleanerRegBackup
[2011/06/19 02:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/06/19 02:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/19 02:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\stickies
[2011/06/19 02:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Stickies
[2011/06/19 01:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\AbiSuite
[2011/06/19 01:04:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2011/06/19 01:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/06/19 00:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Yahoo!
[2011/06/18 22:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Identities
[2011/06/18 21:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\My Received Files
[2011/06/18 19:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\WinRAR
[2011/06/18 19:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/06/18 19:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Start Menu\Programs\WinRAR
[2011/06/18 19:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/06/18 15:28:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/06/18 15:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/06/18 15:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/06/18 15:25:46 | 000,000,000 | ---D | C] -- C:\2b68fa987c91c4577670a25d
[2011/06/18 14:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\WMTools Downloaded Files
[2011/06/18 14:10:44 | 000,000,000 | R--D | C] -- C:\N360_BACKUP
[2011/06/18 13:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/18 13:06:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/18 13:06:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/18 13:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011/06/18 13:06:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/18 12:41:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/18 03:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Tific
[2011/06/18 03:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Tracing
[2011/06/18 02:54:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/06/18 02:52:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/06/18 02:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/06/18 02:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/06/18 02:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\Fixers
[2011/06/18 02:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\A410
[2011/06/18 00:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\IBM
[2011/06/17 23:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\Downloads
[2011/06/17 23:12:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Loba\IECompatCache
[2011/06/17 22:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/06/17 22:26:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/06/17 21:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Temp
[2011/06/17 21:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Adobe
[2011/06/17 21:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/17 21:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/17 21:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/06/17 21:39:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/17 21:14:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/06/17 20:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/17 20:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/06/17 20:48:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/06/17 20:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\My Documents\Symantec
[2011/06/17 20:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/06/17 20:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Mozilla
[2011/06/17 20:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Mozilla
[2011/06/17 20:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/06/17 20:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/06/17 20:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Apple Computer
[2011/06/17 20:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Apple Computer
[2011/06/17 20:08:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/17 20:08:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\My Documents\My Videos
[2011/06/17 20:08:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\Start Menu\Programs\Administrative Tools
[2011/06/17 19:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/17 19:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Apple
[2011/06/17 19:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/06/17 19:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/17 18:42:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Loba\PrivacIE
[2011/06/17 18:35:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Loba\IETldCache
[2011/06/17 18:24:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/17 18:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/17 18:21:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/17 18:21:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/06/17 14:02:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2011/06/17 14:02:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2011/06/17 13:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/17 13:33:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/17 13:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/06/16 23:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\InterVideo
[2011/06/16 22:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Symantec
[2011/06/16 22:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/06/16 22:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/06/16 22:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/06/16 22:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/06/16 21:48:34 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ASIW32N50.dll
[2011/06/16 21:48:34 | 000,016,302 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ASINDIS5.sys
[2011/06/16 21:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2011/06/16 21:34:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Loba\Application Data\Microsoft
[2011/06/16 21:34:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Loba\Application Data
[2011/06/16 21:34:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\Favorites
[2011/06/16 21:34:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\Desktop
[2011/06/16 21:34:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Loba\Cookies
[2011/06/16 21:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\VERITAS
[2011/06/16 21:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Local Settings\Application Data\Microsoft
[2011/06/16 21:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Identities
[2011/06/16 21:34:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Loba\SendTo
[2011/06/16 21:34:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\Start Menu\Programs\Startup
[2011/06/16 21:34:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\Start Menu
[2011/06/16 21:34:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\My Documents\My Pictures
[2011/06/16 21:34:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\My Documents\My Music
[2011/06/16 21:34:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\My Documents
[2011/06/16 21:34:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Loba\Start Menu\Programs\Accessories
[2011/06/16 21:34:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Loba\Templates
[2011/06/16 21:34:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Loba\PrintHood
[2011/06/16 21:34:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Loba\NetHood
[2011/06/16 21:34:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Loba\Local Settings
[2011/06/16 21:23:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/16 21:23:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/16 21:22:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/16 21:20:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/16 21:19:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Loba\UserData
[2011/06/16 21:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Macromedia
[2011/06/16 21:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\Adobe
[2011/06/16 21:16:15 | 000,098,354 | ---- | C] (VERITAS Software, Inc.) -- C:\WINDOWS\dla.exe
[2011/06/16 21:16:15 | 000,061,494 | ---- | C] (VERITAS Software, Inc.) -- C:\WINDOWS\System32\tfswapi.dll
[2011/06/16 21:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dla
[2011/06/16 21:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\IBM DLA
[2011/06/16 21:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM DLA
[2011/06/16 21:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\VERITAS Software
[2011/06/16 21:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM RecordNow
[2011/06/16 21:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\IBM RecordNow
[2011/06/16 21:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
[2011/06/16 21:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2011/06/16 21:14:46 | 000,000,000 | ---D | C] -- C:\icons
[2011/06/16 21:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\IBM
[2011/06/16 21:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ibm
[2011/06/16 21:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Registration
[2011/06/16 21:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SBUtils
[2011/06/16 21:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\SBApps
[2011/06/16 21:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2011/06/16 21:08:22 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/06/16 21:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/06/16 21:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Loba\Application Data\MSN6
[2011/06/16 21:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2011/06/16 21:07:33 | 000,004,864 | ---- | C] (Quanta Computer,Inc.) -- C:\WINDOWS\System32\drivers\ASMBATT.SYS
[2011/06/16 21:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM
[2011/06/16 21:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/16 21:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2011/06/16 20:59:02 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2011/06/16 20:50:04 | 000,000,000 | ---D | C] -- C:\IBMTOOLS
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 12:01:23 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
[2011/06/27 11:53:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loba\Desktop\OTL.exe
[2011/06/27 09:05:18 | 000,128,800 | ---- | M] () -- C:\Documents and Settings\Loba\Desktop\RACELINE CENTRAL Windows XP services setting, enabling and disabling.mht
[2011/06/27 08:44:24 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/27 08:43:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 08:43:53 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/27 02:13:29 | 000,433,256 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 02:13:29 | 000,068,062 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/27 01:48:35 | 000,762,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/06/26 23:27:20 | 004,126,959 | R--- | M] (Swearware) -- C:\Documents and Settings\Loba\Desktop\ComboFix.exe
[2011/06/26 23:12:55 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Loba\Desktop\RKUnhookerLE.EXE
[2011/06/25 22:14:17 | 000,000,328 | RHS- | M] () -- C:\BOOT.INI
[2011/06/24 20:30:59 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to aswMBR.exe.lnk
[2011/06/24 19:20:45 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/06/24 13:49:16 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\GERM.exe.lnk
[2011/06/24 13:47:22 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Fixcombo.exe.lnk
[2011/06/23 18:19:35 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/23 17:54:00 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\BAM-setup-1.51.0.1200.exe
[2011/06/23 17:17:35 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/06/23 17:17:35 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/06/23 17:17:35 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/06/23 17:17:35 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/06/23 16:45:52 | 000,000,836 | ---- | M] () -- C:\Norton Installation Files.lnk
[2011/06/22 14:23:01 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/21 22:21:04 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/21 16:39:56 | 000,000,887 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/06/21 16:11:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/21 12:41:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_tp4track_01007.Wdf
[2011/06/21 12:41:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/06/21 03:59:25 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\Loba\My Documents\Microsoft Update Catalog.url
[2011/06/20 23:24:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/20 23:24:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/19 23:55:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2011/06/19 23:55:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/06/19 02:17:08 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/06/19 02:06:20 | 000,000,592 | ---- | M] () -- C:\WINDOWS\uninstallstickies.bat
[2011/06/19 00:23:08 | 000,003,476 | ---- | M] () -- C:\Documents and Settings\Loba\My Documents\The 7 Best Free Open Source Programs To Replace Commercial Windows Software.url
[2011/06/18 22:39:15 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2011/06/18 15:53:08 | 000,025,884 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/18 13:46:46 | 002,099,502 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2011/06/18 12:40:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/17 22:29:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/17 22:29:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/17 22:26:28 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/17 20:31:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/06/17 17:03:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/17 14:07:23 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/06/17 13:42:35 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/06/16 21:34:52 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/06/16 21:34:44 | 000,000,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\IBM_2389_3HU.MRK
[2011/06/16 21:34:39 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\firstboot.ibm
[2011/06/16 21:34:16 | 000,001,463 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/16 21:24:21 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/16 21:20:46 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/06/16 21:20:40 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2011/06/16 21:16:16 | 000,000,138 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/16 21:14:06 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Welcome.ini
[2011/06/16 21:09:38 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\IBM_2389_3HU_TP.MRK
[2011/06/16 20:59:48 | 000,002,481 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/27 09:05:17 | 000,128,800 | ---- | C] () -- C:\Documents and Settings\Loba\Desktop\RACELINE CENTRAL Windows XP services setting, enabling and disabling.mht
[2011/06/26 23:12:54 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Loba\Desktop\RKUnhookerLE.EXE
[2011/06/24 20:16:23 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/24 15:13:19 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to aswMBR.exe.lnk
[2011/06/24 13:56:23 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/06/24 13:49:16 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\GERM.exe.lnk
[2011/06/24 13:47:22 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Fixcombo.exe.lnk
[2011/06/23 18:19:35 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/23 17:23:15 | 000,762,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB
[2011/06/23 17:17:31 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat
[2011/06/23 17:17:31 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat
[2011/06/23 17:17:31 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf
[2011/06/23 17:17:31 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf
[2011/06/23 17:17:30 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat
[2011/06/23 17:17:30 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf
[2011/06/23 17:17:30 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf
[2011/06/23 17:17:29 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat
[2011/06/23 17:17:29 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/06/23 17:17:29 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/06/23 17:17:29 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/06/23 17:17:29 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/06/23 17:17:29 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf
[2011/06/23 17:16:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat
[2011/06/23 17:16:31 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini
[2011/06/23 16:47:31 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/06/23 16:47:31 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/06/23 16:45:52 | 000,000,836 | ---- | C] () -- C:\Norton Installation Files.lnk
[2011/06/22 03:51:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/22 03:50:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/22 03:46:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/22 03:46:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/22 03:46:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/22 03:46:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/22 03:46:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/21 12:41:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_tp4track_01007.Wdf
[2011/06/21 12:41:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/06/21 11:10:20 | 000,085,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/21 03:59:25 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Loba\My Documents\Microsoft Update Catalog.url
[2011/06/21 03:37:50 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/06/21 03:24:31 | 000,003,476 | ---- | C] () -- C:\Documents and Settings\Loba\My Documents\The 7 Best Free Open Source Programs To Replace Commercial Windows Software.url
[2011/06/20 23:24:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/20 23:24:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/19 23:55:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf
[2011/06/19 23:55:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/06/19 02:06:20 | 000,000,592 | ---- | C] () -- C:\WINDOWS\uninstallstickies.bat
[2011/06/18 22:39:14 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2011/06/18 05:08:30 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2011/06/17 22:26:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/06/17 21:45:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/17 20:31:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/17 20:18:26 | 000,025,884 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/17 19:28:13 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/17 17:03:01 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/17 13:20:13 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/17 13:20:13 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2011/06/17 13:20:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/06/16 21:48:34 | 000,015,577 | ---- | C] () -- C:\WINDOWS\System32\ASINDIS3.vxd
[2011/06/16 21:34:44 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBM_2389_3HU.MRK
[2011/06/16 21:34:39 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\firstboot.ibm
[2011/06/16 21:34:33 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Loba\Start Menu\Programs\Remote Assistance.lnk
[2011/06/16 21:34:33 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Loba\Start Menu\Programs\Internet Explorer.lnk
[2011/06/16 21:24:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/16 21:20:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/06/16 21:16:15 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/16 21:14:03 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2011/06/16 21:10:12 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2011/06/16 21:09:36 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\IBM_2389_3HU_TP.MRK
[2011/06/16 21:09:28 | 000,060,407 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2011/06/16 21:09:28 | 000,058,767 | ---- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp
[2011/06/16 21:09:28 | 000,057,768 | ---- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp
[2011/06/16 21:09:28 | 000,056,636 | ---- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp
[2011/06/16 21:09:27 | 000,063,399 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2011/06/16 21:09:27 | 000,061,249 | ---- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp
[2011/06/16 21:09:27 | 000,059,369 | ---- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp
[2011/06/16 21:09:27 | 000,058,791 | ---- | C] () -- C:\WINDOWS\System32\igfxhell.lhp
[2011/06/16 21:09:27 | 000,058,108 | ---- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp
[2011/06/16 21:09:27 | 000,058,017 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2011/06/16 21:09:27 | 000,057,858 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2011/06/16 21:09:27 | 000,057,762 | ---- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp
[2011/06/16 21:09:27 | 000,057,452 | ---- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp
[2011/06/16 21:09:27 | 000,057,353 | ---- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp
[2011/06/16 21:09:27 | 000,056,980 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2011/06/16 21:09:27 | 000,056,933 | ---- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2011/06/16 21:09:27 | 000,056,829 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2011/06/16 21:09:27 | 000,056,813 | ---- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2011/06/16 21:09:27 | 000,056,735 | ---- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp
[2011/06/16 21:09:27 | 000,056,649 | ---- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp
[2011/06/16 21:09:27 | 000,056,548 | ---- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2011/06/16 21:09:27 | 000,056,139 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2011/06/16 21:09:27 | 000,056,119 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2011/06/16 21:09:27 | 000,055,598 | ---- | C] () -- C:\WINDOWS\System32\igfxhara.lhp
[2011/06/16 21:09:27 | 000,055,582 | ---- | C] () -- C:\WINDOWS\System32\igfxharb.lhp
[2011/06/16 21:09:27 | 000,055,426 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2011/06/16 21:09:27 | 000,055,186 | ---- | C] () -- C:\WINDOWS\System32\igfxheng.lhp
[2011/06/16 21:09:27 | 000,055,002 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2011/06/16 21:08:41 | 000,005,928 | ---- | C] () -- C:\WINDOWS\System32\TP4LATCH.WAV
[2011/06/16 21:08:41 | 000,004,458 | ---- | C] () -- C:\WINDOWS\System32\TP4CLICK.WAV
[2011/06/16 21:08:40 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2011/06/16 21:08:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\QCONSVC.EXE
[2011/06/16 21:08:22 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2011/06/16 21:07:55 | 000,008,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2011/06/16 21:07:37 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\BMMTask.job
[2011/06/16 21:07:33 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2011/06/16 21:07:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2011/06/16 20:59:48 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/11/15 02:14:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002/11/08 13:10:40 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/26 18:26:59 | 000,000,887 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/09/26 18:23:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/09/26 18:13:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/26 18:06:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/26 18:05:52 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/01/09 18:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/23 08:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 08:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 01:00:00 | 000,433,256 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 01:00:00 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[1980/01/01 01:00:00 | 000,068,062 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 01:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[1980/01/01 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 01:00:00 | 000,005,053 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[1980/01/01 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/06/16 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Addie\Application Data\VERITAS
[2011/06/16 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VERITAS
[2011/06/20 16:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2011/06/26 20:42:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2011/06/26 22:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\Stardock
[2011/06/16 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danny\Application Data\VERITAS
[2011/06/16 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\VERITAS
[2011/06/26 21:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\ElevatedDiagnostics
[2011/06/18 00:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\IBM
[2011/06/16 23:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\InterVideo
[2011/06/20 04:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\Morpheus PRO
[2011/06/26 23:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\OpenWith.org Cache
[2011/06/26 20:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\Stardock
[2011/06/22 02:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\stickies
[2011/06/18 03:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\Tific
[2011/06/16 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loba\Application Data\VERITAS
[2011/06/27 12:01:23 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/06/23 17:54:00 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\BAM-setup-1.51.0.1200.exe
[2011/06/21 22:21:04 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/25 22:14:17 | 000,000,328 | RHS- | M] () -- C:\BOOT.INI
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/06/26 23:47:16 | 000,020,216 | ---- | M] () -- C:\ComboFix.txt
[2011/06/27 08:43:53 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 23:24:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/20 23:24:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/23 16:45:52 | 000,000,836 | ---- | M] () -- C:\Norton Installation Files.lnk
[2011/06/17 13:42:35 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/06/18 12:40:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/27 08:43:52 | 789,577,728 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2002/09/26 18:16:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2002/09/26 18:05:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/09/26 18:05:20 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/09/26 18:05:20 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/06/18 13:11:58 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/11 14:38:22 | 000,731,000 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\autoruns.exe
[2011/06/17 17:01:17 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Loba\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/06/26 23:27:20 | 004,126,959 | R--- | M] (Swearware) -- C:\Documents and Settings\Loba\Desktop\ComboFix.exe
[2011/06/27 11:53:37 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Loba\Desktop\OTL.exe
[2011/06/26 23:12:55 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Loba\Desktop\RKUnhookerLE.EXE

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/10/20 23:23:26 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/21 02:52:27 | 000,000,135 | -HS- | M] () -- C:\Documents and Settings\Loba\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/06/21 21:48:01 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Loba\Cookies\desktop.ini
[2011/06/27 11:51:44 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Loba\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
[2002/12/17 11:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/12/17 11:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/12/17 11:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/12/17 11:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/12/17 11:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/12/17 11:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/12/17 11:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 12:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-22 07:05:20


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS:SummaryInformation

< End of report >

OTL Extras logfile created on: 6/27/2011 11:55:56 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Loba\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 148.44 Mb Available Physical Memory | 29.54% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 72.26% Paging File free
Paging file location(s): C:\pagefile.sys 753 753 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.48 Gb Total Space | 20.08 Gb Free Space | 58.22% Space Free | Partition Type: NTFS

Computer Name: IBM-343C78E359F | User Name: Loba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = IBM RecordNow Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{7CD7017F-40BA-405C-A2CE-01C34151C6D1}" = ASUS RT-N10+ Wireless Router Utilities
"{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B52F8C4B-FE88-4B59-9B80-1C93669D7DEB}_is1" = OpenWith.org 1.0.3
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{F1F721BF-040C-4096-988A-1DB01EB73B0C}" = TPNala Wallpaper
"Access IBM Tools" = Access IBM Tools
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"CCleaner" = CCleaner
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"HWiNFO32_is1" = HWiNFO32 Version 3.82
"ie8" = Windows Internet Explorer 8
"LiveReg" = LiveReg (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"ObjectDock Free" = ObjectDock Free
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TrackPoint" = ThinkPad TrackPoint Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZhornStickies" = Stickies 7.1a

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2011 5:23:28 AM | Computer Name = IBM-343C78E359F | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 6/22/2011 5:23:28 AM | Computer Name = IBM-343C78E359F | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 6/22/2011 10:35:25 PM | Computer Name = IBM-343C78E359F | Source = Application Error | ID = 1000
Description = Faulting application ibmact~1.scr, version 1.83.0.0, faulting module
flash10t.ocx, version 10.3.181.26, fault address 0x000027b2.

Error - 6/24/2011 12:37:30 AM | Computer Name = IBM-343C78E359F | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.51.0.1074, faulting module
uxtheme.dll, version 6.0.2900.5512, fault address 0x0001fbef.

Error - 6/24/2011 12:39:46 AM | Computer Name = IBM-343C78E359F | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 6/27/2011 4:20:11 AM | Computer Name = IBM-343C78E359F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/27/2011 4:20:12 AM | Computer Name = IBM-343C78E359F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/27/2011 4:20:13 AM | Computer Name = IBM-343C78E359F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/27/2011 4:20:14 AM | Computer Name = IBM-343C78E359F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/27/2011 4:20:17 AM | Computer Name = IBM-343C78E359F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 6/25/2011 11:56:48 PM | Computer Name = IBM-343C78E359F | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic Flash
Disk USB Device.

Error - 6/25/2011 11:56:51 PM | Computer Name = IBM-343C78E359F | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic Flash
Disk USB Device.

Error - 6/26/2011 12:58:43 AM | Computer Name = IBM-343C78E359F | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 6/26/2011 1:34:08 AM | Computer Name = IBM-343C78E359F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00061BC2A5B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/26/2011 1:42:13 AM | Computer Name = IBM-343C78E359F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00061BC2A5B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/26/2011 1:45:00 AM | Computer Name = IBM-343C78E359F | Source = PSched | ID = 14103
Description = QoS [Adapter {DBE962B4-511E-49D3-98F5-D0154EA0C4FC}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 6/26/2011 1:45:17 AM | Computer Name = IBM-343C78E359F | Source = PSched | ID = 14103
Description = QoS [Adapter {DBE962B4-511E-49D3-98F5-D0154EA0C4FC}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 6/26/2011 2:03:18 AM | Computer Name = IBM-343C78E359F | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic Flash
Disk USB Device.

Error - 6/26/2011 2:03:25 AM | Computer Name = IBM-343C78E359F | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic Flash
Disk USB Device.

Error - 6/26/2011 2:15:22 AM | Computer Name = IBM-343C78E359F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00061BC2A5B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >



{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}
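A baseline check a reader could run over the OTL Extras sections posted above (Shell Spawning, Security Center Settings, Firewall Settings), as an added example that is not part of the original post or of OTL: it parses those sections and flags departures from the assumed Windows XP SP3 defaults (the defaults are my assumption, not taken from OTL's documentation). The sample excerpt uses the values from the log above; the tampered variant and its placeholder path are constructed.

```python
"""Baseline checker for the Shell Spawning, Security Center and Firewall
sections of an OTL Extras log, in the format of the log posted above.
Added example for this thread, not part of OTL or of the original post;
the expected values are assumed Windows XP SP3 defaults."""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")              # ===== Name =====
KEY_RE = re.compile(r"^\[(HKEY_.*)\]$")                    # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "Name" = value
SPAWN_RE = re.compile(r"^(\w+)\s+\[(\w+)\]\s+--\s+(.*)$")  # exefile [open] -- cmd

# Default handlers for executable file classes (assumed XP SP3 defaults).
EXPECTED_SPAWN = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
SC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SC_NAMES = ("AntiVirusDisableNotify", "FirewallDisableNotify",
            "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride")
FW_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
          r"\Parameters\FirewallPolicy\StandardProfile")


def parse_extras(text):
    """Return (values, spawns): registry values keyed by (key, name) and
    shell-spawning commands keyed by (file class, verb)."""
    values, spawns = {}, {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key:
            values[(key, m.group(1))] = m.group(2).strip()
        elif (m := SPAWN_RE.match(line)) and section == "Shell Spawning":
            spawns[(m.group(1), m.group(2))] = m.group(3).strip()
    return values, spawns


def check_otl_extras(text):
    """Compare a log with the expected defaults; return a list of findings."""
    values, spawns = parse_extras(text)
    findings = []
    for (cls, verb), expected in EXPECTED_SPAWN.items():
        actual = spawns.get((cls, verb))
        if actual is None:
            findings.append(f"INFO: {cls} [{verb}] handler not listed")
        elif actual.startswith("Reg Error"):
            # OTL could not read the key; alone this is not evidence of tampering.
            findings.append(f"INFO: {cls} [{verb}] handler unreadable ({actual})")
        elif actual != expected:
            # A changed exefile handler runs something else before every .exe
            # launch, which is how "every program starts the malware" hijacks work.
            findings.append(f"ALERT: {cls} [{verb}] handler is {actual} "
                            f"(expected {expected})")
    for name in SC_NAMES:
        val = values.get((SC_KEY, name))
        if val is not None and val != "0":
            findings.append(f"WARN: Security Center {name} = {val} "
                            "(warnings suppressed or status overridden)")
    if values.get((FW_KEY, "EnableFirewall")) == "0":
        findings.append("WARN: Windows Firewall is off in StandardProfile; "
                        "acceptable only if a third-party firewall is active")
    return findings


# Constructed excerpt in OTL Extras format, using the values from the log above.
SAMPLE_LOG = r"""========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"""

# Constructed variant (placeholder path) showing what a hijacked log looks like:
# the exefile handler is replaced and a Security Center warning is suppressed.
TAMPERED_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "%1" %*', 'exefile [open] -- "C:\\PLACEHOLDER\\x.exe" "%1" %*'
).replace('"AntiVirusDisableNotify" = 0', '"AntiVirusDisableNotify" = 1')

if __name__ == "__main__":
    print("\n".join(check_otl_extras(TAMPERED_LOG)))
```

On the log posted above the only finding is the disabled Windows Firewall in the standard profile, which is expected when a third-party suite such as Norton provides the firewall.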


#17 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

Posted 27 June 2011 - 06:14 PM

Quote: "502.42 Mb Total Physical Memory"
Your computer could use another 512MB of RAM.
On top of it, Norton is pretty resource hungry.

===============================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: jpmorgan.com ([www.ebtaccount] http in Trusted sites)
    O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: microsoft.com ([catalog.update] http in Trusted sites)
    O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: us.com ([www.smartestcomputing] http in Trusted sites)
    O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.


#18 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

    NOOB

  • 54 posts
  • Joined: June 05, 2011
  • 4 topics
  • Age: 44
  • Skin: IP.Board
  • Local time: 06:37 PM
  • Zodiac:Taurus
  • Gender:Female
  • Location:CO springs, CO
  • Interests:Hanging out with my kids is my first love. I'm cherishing every moment with them, because it's a bit unusual for teenagers to enjoy chillin with their mom. Pretty soon they'll be on their own. Learning everything I can about computers and what makes them work is my newest passion. It's been quite an experience, between viruses, factory resets, HDD failures and a little kitten that likes to chase the cursor and run across the keyboard at inopportune times.
  • OS:other
  • Country:
Offline
  • Time Online: 3h 31m 23s

Posted 27 June 2011 - 09:22 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jpmorgan.com\www.ebtaccount\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\catalog.update\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\us.com\www.smartestcomputing\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\login\ deleted successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\002251_.tmp deleted successfully.
C:\WINDOWS\005869_.tmp deleted successfully.
C:\WINDOWS\LMI245.tmp\rescue.log deleted successfully.
C:\WINDOWS\LMI245.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Addie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: Danny
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 470 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Loba
->Temp folder emptied: 45080 bytes
->Temporary Internet Files folder emptied: 4226929 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39045355 bytes
->Apple Safari cache emptied: 41308160 bytes
->Flash cache emptied: 719 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66041 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 70842 bytes
RecycleBin emptied: 715135 bytes

Total Files Cleaned = 82.00 mb


[EMPTYFLASH]

User: Addie

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Danny
->Flash cache emptied: 0 bytes

User: Default User

User: Loba
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06272011_121943

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\UTGTXB8Z\Pink-sea[1].gif not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\UTGTXB8Z\queryCAURUIGN not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\UTGTXB8Z\sm_000_oo[1].gif not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\UTGTXB8Z\spacer[1].gif not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\UTGTXB8Z\vid=-1&cookie=GMXA39KKIRKI3MINQP0I4TNGQFRBAO83&alias=smartestcomputing.us[1].com&idle=0&vs=r&ra=729SZZCD9KBFSZ76V8K3ID1GD2LXS94L not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\T3JF5Q8E\bald_head[1].gif not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\T3JF5Q8E\easyreorder[1].js not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\T3JF5Q8E\lg_continue-btn_blue[1].gif not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\T3JF5Q8E\prettify[1].js not found!
C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat moved successfully.

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP141\A0015447.exe multiple threats
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP141\A0015470.dll probably a variant of Win32/Adware.RK application

Ha! Found it again! I didn't delete it. That took forever. What should I do next?


{HELP ME, OBI 1. YOU'RE MY ONLY HOPE!}

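The fix script above lists five IE "Trusted Domains" (O15) entries and the fix log in this post reports each one deleted. As an added example that is not part of the thread and not OTL's own code, the script below parses those O15 lines, rebuilds the ZoneMap registry key each one describes, ranks them by URL security zone (the `([]msn in My Computer)` entry maps a host into the Local Machine zone, the least restricted one IE has), and cross-checks the fix log to confirm every entry was really removed. The regex, the zone-label table and the key-path reconstruction are this example's own reading of OTL's output format; the sample lines are copied from the script and log above.

```python
"""Added example (not code from the thread or from OTL): parse OTL's
'O15 - Trusted Domains' lines, reconstruct the IE ZoneMap registry key
each one describes, rank them by URL security zone, and confirm from an
OTL fix log that every one of them was actually deleted.
"""
import re
from dataclasses import dataclass

# IE URL security zone ids, stored under ZoneMap\Domains\<domain>\<host>
# as a REG_DWORD named after the scheme (http/https/*). Only the labels
# "My Computer" and "Trusted sites" appear on the page; the other labels
# are the standard IE zone names and an assumption about how OTL prints them.
ZONE_IDS = {
    "My Computer": 0,     # Local Machine zone: least restricted of all
    "Local intranet": 1,
    "Trusted sites": 2,
    "Internet": 3,
    "Restricted sites": 4,
}

ZONEMAP = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"

# Assumed shape of an OTL O15 line (derived from the five lines on the page).
O15_RE = re.compile(
    r"^O15 - (?P<hive>HKU\\[^\\]+)\\\.\.Trusted Domains: "
    r"(?:(?P<domain>\S+) )?"                 # 'jpmorgan.com'; absent in the ([]...) form
    r"\(\[(?P<host>[^\]]*)\] ?"              # 'www.ebtaccount'; may be empty
    r"(?P<value>\S+) in (?P<zone>[^)]+)\)$"  # value name (normally the scheme) and zone label
)


@dataclass(frozen=True)
class ZoneMapEntry:
    sid: str
    domain: str
    host: str
    value: str
    zone: int  # -1 if the zone label is not recognised

    def key_path(self) -> str:
        """Registry key OTL would report for this entry, in its log spelling."""
        parts = [self.domain] + ([self.host] if self.host else [])
        return "HKEY_USERS\\%s\\%s\\Domains\\%s\\" % (self.sid, ZONEMAP, "\\".join(parts))


def parse_o15(lines):
    """Return a ZoneMapEntry for every O15 line; other OTL lines are ignored."""
    entries = []
    for line in lines:
        m = O15_RE.match(line.strip())
        if m is None:
            continue
        sid = m["hive"].split("\\", 1)[1]
        entries.append(ZoneMapEntry(
            sid=sid,
            domain=m["domain"] or "",
            host=m["host"],
            value=m["value"],
            zone=ZONE_IDS.get(m["zone"], -1),
        ))
    return entries


def risky_entries(entries):
    """Entries in zones 0-2, most dangerous first. A host mapped into the
    Local Machine zone (0) gets the loosest security settings IE has, and a
    Trusted Sites entry the user never added is a classic hijack leftover."""
    return sorted((e for e in entries if 0 <= e.zone <= 2), key=lambda e: e.zone)


def verify_removed(entries, fix_log_lines):
    """True for each entry whose key/value the OTL fix log reports deleted."""
    deleted = [l.strip() for l in fix_log_lines
               if l.strip().endswith("deleted successfully.")]
    return {e: any(e.key_path() in l for l in deleted) for e in entries}


# Constructed sample input: the five O15 lines from the fix script and the
# five matching result lines from the fix log, copied from the thread.
SAMPLE_O15 = r"""
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: jpmorgan.com ([www.ebtaccount] http in Trusted sites)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: microsoft.com ([catalog.update] http in Trusted sites)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: us.com ([www.smartestcomputing] http in Trusted sites)
O15 - HKU\S-1-5-21-4277903210-1906120253-3402646504-1004\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
""".strip().splitlines()

SAMPLE_FIX_LOG = r"""
Registry value HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jpmorgan.com\www.ebtaccount\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\catalog.update\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\us.com\www.smartestcomputing\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4277903210-1906120253-3402646504-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\login\ deleted successfully.
""".strip().splitlines()

if __name__ == "__main__":
    found = parse_o15(SAMPLE_O15)
    for e in risky_entries(found):
        print("zone %d  %s  (%s)" % (e.zone, e.key_path(), e.value))
    for e, ok in verify_removed(found, SAMPLE_FIX_LOG).items():
        print("removed" if ok else "STILL PRESENT", e.domain or "<empty domain>", e.host)
```

Run it as-is and it reports the Local Machine zone entry first, then the four Trusted Sites entries, and marks all five as removed. Feed it a fix log that is missing a "deleted successfully." line for one of them and that entry comes back as still present, which is the check to make before declaring the O15 part of a fix done.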

#19 Broni Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 05:37 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 57d 9h 20m 43s

Posted 27 June 2011 - 09:58 PM

Resetting system restore through our last steps will do.

Your computer is clean.

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

12. Please let me know how your computer is doing.

#20 lobita68 Re: [RESOLVED] Windows Redirect/Recovery/I'mNotSure Virus


Posted 27 June 2011 - 11:29 PM

Thanks for all your help. I hope I'm done with this computer for a while. The Toshiba is in worse shape than this, I think. I don't even think I can download or run any scans on it. So now my system restore might actually work? Could this have been the problem a month ago, when the system restore went so badly? Here's the last log. Thank you again. I will update you on performance after I finish the rest of your instructions.
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Addie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Danny
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Loba
->Temp folder emptied: 34700 bytes
->Temporary Internet Files folder emptied: 5137985 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 859 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16889 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


[EMPTYFLASH]

User: Addie

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Danny
->Flash cache emptied: 0 bytes

User: Default User

User: Loba
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.24.1 log created on 06272011_170122

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\blonde_moment[1].gif not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\bullet_green[1].png not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\clJdoaAA7xi[1].js not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\comments-bg[1].gif not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\Common[1].css not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\dpx[1].js not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\elqCfg[1].js not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\queryCAPIUUFV not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XJB0U4ZJ\video_link[1].png not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\arrows[1].png not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\bees-wasps[1].jpg not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\button1[1].htm not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\coloradospringspestcontrolreviews[1].png not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\fancy_shadow_n[1].png not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\form_bg_middle[1].png not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\icon-youtube[1].png not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\jquery.datasort[1].js not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\p13yZ069LVL[1].png not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\queryCAUCRB51 not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\Resonance[1].aspx not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\res_lp_learnoff[1].jpg not found!
File\Folder C:\Documents and Settings\Loba\Local Settings\Temporary Internet Files\Content.IE5\XGI31FVQ\search[4].htm not found!
C:\WINDOWS\temp\Perflib_Perfdata_fc.dat moved successfully.

Registry entries deleted on Reboot...


