Solved

How to Remove Scour.com Redirect Virus

Posted on 2011-05-07
Last Modified: 2013-12-09
One of my users gets redirected to scour.com each time they use Google.  Their anti-virus is Norton Internet Security and it's up to date.  However, it is not finding anything in the scans.  What exactly is this Scour.com thing and how do I remove it?
Question by:deklinm
22 Comments
 
LVL 23

Expert Comment

by:phototropic
ID: 35714629
Please run a scan with Mbam and post the log:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Be sure to update it, then run a Quickscan.  Post the log here for review.

TDSSKiller is also good for redirects:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Does this redirect happen with all browsers, or just with IE?
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35715048
As suggested, use TDSSKiller if Google search is redirected.

“Google Hijack” — Google Search Gets Redirected
http://www.experts-exchange.com/Virus_and_Spyware/Latest_Threats/A_3299-Google-Hijack-Google-Search-Gets-Redirected.html


Is Scourtoolbar also present?
http://rdsrc.us/50neHu
 

Author Comment

by:deklinm
ID: 35716133
I ran TDSSKiller and the results found nothing.
I don't see the toolbar present.
The only browser I have installed is IE.

The MBAM scan came back clean too.  See log below:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6533

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/8/2011 1:34:53 PM
mbam-log-2011-05-08 (13-34-53).txt

Scan type: Quick scan
Objects scanned: 167188
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35717541
Can we look at the TDSSKiller log please?

Also try this diagnostic tool; it won't delete any files on its first run, it will only delete bad files using a script that we will provide if necessary.

Download OTL, save to Desktop or other convenient location.
http://oldtimer.geekstogo.com/OTL.exe

OTL does not need to be installed; simply click the OTL icon to run.
Click the Quick Scan Button.
A log will open in notepad, and OTL.txt will be saved to the same location as OTL.exe (i.e.: desktop)
Post/attach the log here.
 
LVL 27

Expert Comment

by:Jonvee
ID: 35717875
Apparently the Scour.com Redirect virus can be quite difficult to remove, but you may well find that one of these scanners will do the job ...

Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro
If you go to sub-heading "Scan Cloud" you'll see a brief discussion on how files are checked to see if they are indeed malicious.

and ...
The ESET Online Scanner:
http://www.eset.com/online-scanner
 
LVL 27

Expert Comment

by:Jonvee
ID: 35717892
Having said that, there was a good chance that TDSSKiller could have resolved it originally, so I second rpggamergirl's request to see the associated log please ... thanks
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35717936
"I ran TDSSkiller and the results found nothing"
I asked to see the TDSSKiller log because, IF the issue still exists, it may be a new variant that TDSSKiller doesn't see, but the log should see hooks in some drivers, e.g. sptd.sys.

"I dont see the tool bar present."
A diagnostic scan like OTL should see files created in the last 30 days, which we can remove.

Alternatively, you can use ComboFix and show us the log. If it won't remove it in its first run, we can remove it using a script.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35717973
Scour.com is a search engine that takes Yahoo, Google, and Bing results and then combines them for display. Scour.com products are not spyware; they are known as adware redirects.

Did you check your Programs folder for the Scour uninstall program? All this does is hook dnsapi.dll and redirect you when a Google search is found in the hooked query.

Also, I would check the search providers that IE uses for searches and look for a res://<some folder path>/some.dll?some.html?#<random numbers> or {SearchQuery} as the entry. If you find a random DLL file there as a search provider, that may be the cause of your concern.
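A way to do the search-provider check Russell_Venable describes, as an added example that is not from this thread or from any tool named in it: it lists IE's per-user search scopes and flags any whose URL is a res:// resource or names a .dll, which a normal web search engine never does. It assumes the standard HKCU SearchScopes key (IE 7 and later) and is run in the affected user's session.

```powershell
# Added example: audit Internet Explorer search providers for a res://...dll entry.
# Assumption: per-user search scopes live under the standard SearchScopes key and
# each scope subkey carries DisplayName and URL values.
$scopesKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

# The DefaultScope value names the {GUID} subkey IE actually uses for searches.
$default = (Get-ItemProperty -Path $scopesKey -ErrorAction SilentlyContinue).DefaultScope

Get-ChildItem -Path $scopesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    $url   = [string]$props.URL
    $name  = [string]$props.DisplayName
    $id    = $_.PSChildName

    # A res:// URL serves the "search page" out of a resource inside a local DLL,
    # and any URL naming a .dll is not a web search endpoint: both are red flags.
    $suspicious = ($url -match '^res://') -or ($url -match '\.dll')

    New-Object PSObject -Property @{
        Scope      = $id
        IsDefault  = ($id -eq $default)
        Name       = $name
        URL        = $url
        Suspicious = $suspicious
    }
} | Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize Suspicious, IsDefault, Name, URL
```

A flagged scope that is also the default is the entry to remove (after noting the DLL path it points at, so the file itself can be examined and cleaned up).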
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35718025
If you don't want to use any of the programs that have already been suggested, you can try this one and see if ScourToolbar or any programs belonging to Scour.com show up, so you can let RevoUninstaller remove them, as some apps don't always show up in the Add/Remove list.

http://www.revouninstaller.com/
 

Author Comment

by:deklinm
ID: 35722381
TDSSKiller log is below

2011/05/09 13:44:36.0640 1172      TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
2011/05/09 13:44:37.0218 1172      ================================================================================
2011/05/09 13:44:37.0218 1172      SystemInfo:
2011/05/09 13:44:37.0218 1172      
2011/05/09 13:44:37.0218 1172      OS Version: 5.1.2600 ServicePack: 3.0
2011/05/09 13:44:37.0218 1172      Product type: Workstation
2011/05/09 13:44:37.0218 1172      ComputerName: IWC
2011/05/09 13:44:37.0218 1172      UserName: deklin
2011/05/09 13:44:37.0218 1172      Windows directory: C:\WINDOWS
2011/05/09 13:44:37.0218 1172      System windows directory: C:\WINDOWS
2011/05/09 13:44:37.0218 1172      Processor architecture: Intel x86
2011/05/09 13:44:37.0218 1172      Number of processors: 2
2011/05/09 13:44:37.0218 1172      Page size: 0x1000
2011/05/09 13:44:37.0218 1172      Boot type: Normal boot
2011/05/09 13:44:37.0218 1172      ================================================================================
2011/05/09 13:44:37.0546 1172      Initialize success
2011/05/09 13:44:41.0828 5664      ================================================================================
2011/05/09 13:44:41.0828 5664      Scan started
2011/05/09 13:44:41.0828 5664      Mode: Manual;
2011/05/09 13:44:41.0828 5664      ================================================================================
2011/05/09 13:44:51.0343 5664      ================================================================================
2011/05/09 13:44:51.0343 5664      Scan finished
2011/05/09 13:44:51.0343 5664      ================================================================================
 

Author Comment

by:deklinm
ID: 35722489
The OTL log

OTL logfile created on: 5/9/2011 1:47:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\deklin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 402.92 Gb Free Space | 43.26% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 880.81 Gb Free Space | 94.56% Space Free | Partition Type: NTFS
 
Computer Name: IWC | User Name: deklin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/05/09 13:46:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deklin\Desktop\OTL.exe
PRC - [2011/01/11 09:12:19 | 000,518,392 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011/01/11 09:07:27 | 000,431,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/07/02 14:25:48 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2010/07/02 14:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/06/01 11:03:24 | 000,226,696 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/12/01 12:43:26 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2009/12/01 12:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 12:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/10/16 11:58:52 | 000,116,016 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2009/03/21 18:51:38 | 000,576,176 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/08 19:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [1999/09/15 00:23:00 | 000,229,432 | ---- | M] (Lotus Development Corporation) -- C:\lotus\organize\easyclip6.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/09 13:46:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deklin\Desktop\OTL.exe
MOD - [2010/12/08 14:11:40 | 000,202,112 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIhook.000.dll
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2009/03/17 20:27:32 | 000,047,792 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusionHookx86.dll
MOD - [2008/04/14 03:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/14 03:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2008/04/14 03:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/14 03:00:00 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2008/04/14 03:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 03:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/14 03:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetmib1.dll
MOD - [2008/04/14 03:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 03:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmpapi.dll
MOD - [2008/04/14 03:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 03:00:00 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rassapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/01/11 09:07:27 | 000,431,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/24 13:11:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/06/01 11:03:24 | 000,226,696 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/12/01 12:43:26 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2009/12/01 12:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/01 12:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/16 11:58:52 | 000,116,016 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2005/03/08 19:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 04:00:10 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110508.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 04:00:09 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110508.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110506.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/01/11 08:54:07 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2011/01/11 08:53:51 | 000,046,480 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2011/01/11 08:53:51 | 000,036,624 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/12/01 00:00:49 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/24 03:25:18 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/24 03:20:42 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/18 16:54:50 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/09/18 16:32:06 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/04/10 12:32:34 | 003,006,976 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2003/04/24 15:21:50 | 000,006,025 | R--- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/07/24 15:21:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/07/24 03:20:51 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {184E2CDF-045B-50C0-7EB4-279B720066B7} - C:\WINDOWS\system32\kbdnne.dll (OYKmeNfW BSomCS)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - c:\lotus\organize\iehelper.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AnyConnect SMC] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
O4 - Startup: C:\Documents and Settings\deklin\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://xxxx.cpxinteractive.com/CACHE/stc/3/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279954359687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {BBAC0044-DAF5-4E63-A23A-AC110C8494C1} https://10.4.51.19/Applications/dellUI/OCX/DELLIDRACView_3.0_x86.cab (DELL IDRAC AVCView_3.0_x86)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cpxsupport.webex.com/client/T27LC/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: iLO 2 Remote Console Applet https://10.1.52.54/dvc.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\deklin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deklin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/24 02:27:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{97c64247-aefb-11df-87b3-00059a3c7a00}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
O33 - MountPoints2\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\Shell - "" = AutoRun
O33 - MountPoints2\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{bf6598ba-99c0-11df-87ab-00059a3c7a00}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\Shell - "" = AutoRun
O33 - MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/09 13:46:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deklin\Desktop\OTL.exe
[2011/05/09 13:44:19 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\deklin\Desktop\tdsskiller.exe
[2011/05/05 18:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\Emily Seiman
[2011/05/04 11:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\Cable Pics
[2011/04/29 13:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/29 13:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/29 13:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/27 22:25:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1000
[2011/04/22 03:02:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/21 12:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2011/04/21 12:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/04/21 11:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/04/21 11:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/21 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/04/21 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/04/21 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/04/21 11:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/04/21 11:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/04/21 11:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/04/21 11:55:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/04/21 11:54:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/04/21 11:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\Professional Plus
[2011/04/20 23:08:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1046
[2011/04/20 16:27:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/04/20 16:22:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/04/16 16:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotus SmartSuite
[2011/04/16 16:34:45 | 000,000,000 | ---D | C] -- C:\lotus
[2011/04/16 03:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/04/15 14:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Local Settings\Application Data\Microsoft Help
[2011/04/15 14:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/04/15 14:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free FLAC to MP3 Converter
[2011/04/15 14:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLAC to MP3 Converter
[2011/04/15 14:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\Lotus Files
[2011/04/15 13:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Converter Plus
[2011/04/15 13:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Converter Plus
[2011/04/15 13:42:50 | 000,000,000 | ---D | C] -- C:\ConverterOutput
[2011/04/15 13:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cucusoft Video Converter
[2011/04/15 13:41:34 | 000,364,544 | ---- | C] (Cucusoft Inc.) -- C:\WINDOWS\System32\cdg.dll
[2011/04/15 13:41:34 | 000,114,688 | ---- | C] (Cucusoft Inc.) -- C:\WINDOWS\System32\PropListCtrl.ocx
[2011/04/15 13:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/15 13:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC to MP3 Converter
[2011/04/15 13:30:01 | 000,022,528 | ---- | C] (Jukka Poikolainen Software) -- C:\WINDOWS\System32\WNASPI32.DLL
[2011/04/15 13:30:01 | 000,016,512 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/09 13:46:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deklin\Desktop\OTL.exe
[2011/05/09 13:44:27 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\deklin\Desktop\tdsskiller.exe
[2011/05/09 10:50:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 10:49:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/08 13:28:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 02:26:00 | 000,399,742 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\SKonica Col11042811111.pdf
[2011/05/08 02:15:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/05 18:30:47 | 000,002,044 | -H-- | M] () -- C:\Documents and Settings\deklin\My Documents\Default.rdp
[2011/05/04 22:25:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/04/29 13:45:39 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\deklin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/29 13:45:39 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\Spybot - Search & Destroy.lnk
[2011/04/29 13:41:45 | 001,879,603 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\mov2.mpg
[2011/04/29 13:19:59 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\applicationformembership.url
[2011/04/23 12:37:34 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\deklin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 03:21:38 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/21 12:03:56 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\deklin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/04/21 12:03:38 | 000,002,046 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\Microsoft Outlook 2010.lnk
[2011/04/21 03:20:38 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 03:20:38 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/18 03:02:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/16 16:35:14 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
[2011/04/15 14:32:36 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free FLAC to MP3 Converter.lnk
[2011/04/15 13:46:25 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\Audio Converter Plus.lnk
[2011/04/15 13:41:39 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\Cucusoft Ultimate DVD + Video Converter Suite.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/05/08 13:28:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 02:26:00 | 000,399,742 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\SKonica Col11042811111.pdf
[2011/04/29 13:45:39 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\deklin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/29 13:45:39 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Spybot - Search & Destroy.lnk
[2011/04/29 13:41:44 | 001,879,603 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\mov2.mpg
[2011/04/29 13:19:59 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\applicationformembership.url
[2011/04/21 12:03:56 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\deklin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/04/21 12:03:38 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Microsoft Outlook 2010.lnk
[2011/04/20 23:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/04/19 00:05:34 | 002,993,446 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Gregg.jpg
[2011/04/16 16:35:14 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
[2011/04/15 14:32:36 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free FLAC to MP3 Converter.lnk
[2011/04/15 14:06:07 | 000,071,734 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\untitled.bmp
[2011/04/15 13:46:25 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Audio Converter Plus.lnk
[2011/04/15 13:41:39 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Cucusoft Ultimate DVD + Video Converter Suite.lnk
[2011/04/15 13:41:38 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2011/04/15 13:41:38 | 002,174,976 | ---- | C] () -- C:\WINDOWS\System32\ffdshow.ax
[2011/04/15 13:41:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2011/04/15 13:41:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/04/15 13:41:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/04/15 13:41:38 | 000,034,820 | ---- | C] () -- C:\WINDOWS\System32\ffdshow.reg
[2011/04/15 13:41:34 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\vampd.ax
[2011/04/15 13:41:34 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2011/04/15 13:41:34 | 000,014,909 | ---- | C] () -- C:\WINDOWS\System32\A_reg.reg
[2011/01/09 03:16:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/24 14:55:41 | 000,038,438 | ---- | C] () -- C:\Documents and Settings\deklin\Application Data\Comma Separated Values (Windows).ADR
[2010/07/31 10:05:18 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/07/25 00:11:28 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\deklin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 13:32:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/07/24 13:18:01 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/07/24 13:17:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/07/24 13:17:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/24 13:17:26 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/07/24 13:17:26 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/07/24 13:17:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/07/24 13:17:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/07/24 03:12:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/24 02:43:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/24 02:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/24 02:26:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/23 22:23:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/23 22:22:47 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/04/14 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 03:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 03:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2005/04/15 07:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 07:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1998/01/13 00:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/03/18 11:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/07/24 13:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/03/11 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2011/05/09 08:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/15 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/01 11:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/11 12:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deklin\Application Data\acccore
[2010/08/11 12:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deklin\Application Data\AIM
[2010/08/11 12:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deklin\Application Data\AIMPro
[2010/08/06 23:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deklin\Application Data\Binary Fortress Software
[2011/01/09 15:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deklin\Application Data\Dropbox
[2011/03/11 02:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deklin\Application Data\eFax Messenger
[2011/01/09 03:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deklin\Application Data\GetRightToGo
[2011/03/11 02:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\deklin\Application Data\j2 Global
[2011/05/04 22:25:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35725594
By the way, check what's inside of this folder below, just curious.
C:\WINDOWS\System32\1000

The OTL log shows a lot of empty folders? For example, the Spybot - Search & Destroy folder shows empty, as does FLAC to MP3 Converter, or maybe OTL is just not seeing the files.



Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:
---------------------------------

:OTL
O33 - MountPoints2\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\Shell - "" = AutoRun
O33 - MountPoints2\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf6598ba-99c0-11df-87ab-00059a3c7a00}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\Shell - "" = AutoRun
O33 - MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\Shell\AutoRun\command - "" = E:\setup.exe -a
[2011/05/04 22:25:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/04/23 12:37:34 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\deklin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 23:08:18 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/07/31 10:05:18 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/07/25 00:11:28 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\deklin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

---------------------------------


• Then click the Run Fix button at the top.
• Let the program run unhindered, and reboot the PC when it is done.


Can you try running ComboFix and also show us the log?
 

Author Comment

by:deklinm
ID: 35726098
C:\WINDOWS\System32\1000 has a file named inf1000.dat.

I ran the custom OTL scan. It took and rebooted.

The post-process run log is below:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf6598b8-99c0-11df-87ab-00059a3c7a00}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf6598ba-99c0-11df-87ab-00059a3c7a00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf6598ba-99c0-11df-87ab-00059a3c7a00}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04ff327-b565-11df-87b5-00059a3c7a00}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04ff327-b565-11df-87b5-00059a3c7a00}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f04ff327-b565-11df-87b5-00059a3c7a00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f04ff327-b565-11df-87b5-00059a3c7a00}\ not found.
File E:\setup.exe -a not found.
C:\WINDOWS\tasks\At1.job moved successfully.
File C:\Documents and Settings\deklin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
File C:\WINDOWS\tasks\At1.job not found.
C:\WINDOWS\jestertb.dll moved successfully.
File C:\Documents and Settings\deklin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\deklin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\deklin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: deklin
->Temp folder emptied: 24937852 bytes
->Temporary Internet Files folder emptied: 48627552 bytes
->Java cache emptied: 1466882 bytes
->Flash cache emptied: 63974 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3111500 bytes
%systemroot%\System32 .tmp files removed: 4532241 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1590622 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 115015006 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4294227281 bytes
 
Total Files Cleaned = 4,286.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: deklin
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: Test
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point (0)
 
OTL by OldTimer - Version 3.2.22.3 log created on 05092011_234748

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\VO8ID0GR\26844-15[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\VO8ID0GR\emily[1].html not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\VO8ID0GR\recoverlabel[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\VO8ID0GR\search[4].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\VO8ID0GR\set_panel[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\VO8ID0GR\succes[1].php not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\JSZ44FKV\google_com[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\JSZ44FKV\pixel[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\JSZ44FKV\sh41[1].html not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\JSZ44FKV\solutions[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\22560-9[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\adoapn_AppNexusDemoActionTag_1[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\cm_request[1].html not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\emily[1].html not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\google_com[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\if[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\nwshpCAWEMU71.htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\search[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\search[4].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\IZDTDYG6\ServiceLogin[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\5Q4N13IE\22560-2[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\5Q4N13IE\ddc[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\5Q4N13IE\embed[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\5Q4N13IE\google_com[2].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\5Q4N13IE\info[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\5Q4N13IE\nike-team-sports[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\5Q4N13IE\osama-binladen-death-pakistan-pm-inquiry[1].htm not found!
File\Folder C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\Content.IE5\5Q4N13IE\rubicon_sync[1].htm not found!
C:\Documents and Settings\deklin\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_100.dat not found!

Registry entries deleted on Reboot...

I also ran ComboFix, and the log is below:

ComboFix 11-05-09.02 - deklin 05/10/2011   0:04.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2030.1282 [GMT -4:00]
Running from: c:\documents and settings\deklin\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\deklin\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-10 to 2011-05-10  )))))))))))))))))))))))))))))))
.
.
2011-05-10 03:47 . 2011-05-10 03:47      --------      d-----w-      C:\_OTL
2011-04-29 17:45 . 2011-04-29 22:51      --------      d-----w-      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-29 17:45 . 2011-04-29 17:49      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2011-04-28 02:25 . 2011-04-28 02:25      --------      d-----w-      c:\windows\system32\1000
2011-04-21 15:58 . 2011-04-21 15:58      --------      d-----w-      c:\program files\Microsoft Synchronization Services
2011-04-21 15:58 . 2011-04-21 15:58      --------      d-----w-      c:\program files\Microsoft.NET
2011-04-21 15:58 . 2011-04-21 15:58      --------      d-----w-      c:\program files\Microsoft Sync Framework
2011-04-21 15:58 . 2011-04-21 15:58      --------      d-----w-      c:\program files\Microsoft SQL Server Compact Edition
2011-04-21 15:58 . 2011-04-21 15:58      --------      d-----w-      c:\documents and settings\All Users\Microsoft
2011-04-21 15:56 . 2011-04-21 15:56      --------      d-----w-      c:\program files\Microsoft Visual Studio 8
2011-04-21 15:55 . 2011-04-21 15:55      --------      d-----w-      c:\program files\Microsoft Analysis Services
2011-04-21 15:55 . 2011-04-21 16:00      --------      d-----w-      c:\windows\SHELLNEW
2011-04-21 15:54 . 2011-04-21 15:54      --------      d-----r-      C:\MSOCache
2011-04-21 03:28 . 2006-10-26 23:56      33104      ----a-w-      c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-04-21 03:27 . 2006-10-26 23:56      32592      ----a-w-      c:\windows\system32\msonpmon.dll
2011-04-21 03:08 . 2011-04-21 03:08      --------      d-----w-      c:\windows\system32\1046
2011-04-20 20:27 . 2011-04-21 15:50      --------      d-----w-      c:\windows\SxsCaPendDel
2011-04-16 20:34 . 2011-04-16 20:35      --------      d-----w-      C:\lotus
2011-04-16 07:33 . 2011-04-16 07:33      --------      d-sh--w-      c:\documents and settings\NetworkService\IETldCache
2011-04-16 07:01 . 2011-04-16 07:01      --------      d-----w-      c:\program files\MSXML 4.0
2011-04-15 20:01 . 2009-08-06 23:23      215920      ----a-w-      c:\windows\system32\muweb.dll
2011-04-15 20:01 . 2009-08-06 23:23      274288      ----a-w-      c:\windows\system32\mucltui.dll
2011-04-15 18:48 . 2011-04-15 18:48      --------      d-----w-      c:\documents and settings\deklin\Local Settings\Application Data\Microsoft Help
2011-04-15 18:48 . 2011-04-22 07:04      --------      d-----w-      c:\documents and settings\All Users\Application Data\Microsoft Help
2011-04-15 18:32 . 2011-04-15 18:32      --------      d-----w-      c:\program files\Free FLAC to MP3 Converter
2011-04-15 17:46 . 2011-04-15 17:46      --------      d-----w-      c:\program files\Audio Converter Plus
2011-04-15 17:42 . 2011-04-15 17:42      --------      d-----w-      C:\ConverterOutput
2011-04-15 17:41 . 2007-03-26 01:40      2174976      ----a-w-      c:\windows\system32\ffdshow.ax
2011-04-15 17:41 . 2007-03-25 04:51      404480      ----a-w-      c:\windows\system32\libmplayer.dll
2011-04-15 17:41 . 2007-03-25 04:51      3049984      ----a-w-      c:\windows\system32\libavcodec.dll
2011-04-15 17:41 . 2007-03-25 04:51      114688      ----a-w-      c:\windows\system32\libmpeg2_ff.dll
2011-04-15 17:41 . 2007-01-01 09:30      200704      ----a-w-      c:\windows\system32\TomsMoComp_ff.dll
2011-04-15 17:41 . 2004-09-10 17:50      34820      ----a-w-      c:\windows\system32\ffdshow.reg
2011-04-15 17:41 . 2008-01-26 01:06      364544      ----a-w-      c:\windows\system32\cdg.dll
2011-04-15 17:41 . 2006-09-27 21:46      348160      ----a-w-      c:\windows\system32\cdga.dll
2011-04-15 17:41 . 2006-09-11 08:13      409600      ----a-w-      c:\windows\system32\vampd.ax
2011-04-15 17:41 . 2006-07-18 01:42      14909      ----a-w-      c:\windows\system32\A_reg.reg
2011-04-15 17:41 . 2006-07-08 08:07      114688      ----a-w-      c:\windows\system32\PropListCtrl.ocx
2011-04-15 17:33 . 2011-04-15 17:33      --------      d-----w-      c:\documents and settings\All Users\Application Data\TEMP
2011-04-15 17:33 . 2011-04-15 17:34      --------      d-----w-      c:\program files\FLAC to MP3 Converter
2011-04-15 17:30 . 2002-07-17 13:05      16512      ----a-w-      c:\windows\system32\drivers\ASPI32.SYS
2011-04-15 17:30 . 2001-03-18 01:34      22528      ----a-w-      c:\windows\system32\WNASPI32.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2010-07-24 06:26      692736      ----a-w-      c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 07:00      420864      ----a-w-      c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 07:00      1857920      ----a-w-      c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 07:00      916480      ----a-w-      c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 07:00      43520      ----a-w-      c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 07:00      1469440      ------w-      c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 07:00      385024      ----a-w-      c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 07:00      455936      ----a-w-      c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 07:00      357888      ----a-w-      c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-07-24 06:58      5120      ----a-w-      c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 07:00      290432      ----a-w-      c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 07:00      270848      ----a-w-      c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 07:00      186880      ----a-w-      c:\windows\system32\encdec.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{184E2CDF-045B-50C0-7EB4-279B720066B7}]
2008-04-14 07:00      155136      ----a-w-      c:\windows\system32\kbdnne.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2009-03-21 576176]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"AnyConnect SMC"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-01-11 518392]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\documents and settings\deklin\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip6.exe [1999-9-15 229432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-24 17:11      10536      ----a-w-      c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11      87424      ----a-w-      c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37      932288      ----a-w-      c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04      35760      ----a-w-      c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
2007-10-09 07:45      5043528      ----a-w-      c:\program files\AIM\AIM Pro\aimpro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2009-12-01 16:43      401408      ----a-w-      c:\program files\Intel\AMT\atchk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 13:12      90112      ----a-w-      c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2010-06-01 15:03      886152      ----a-w-      c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLQLU]
2010-06-01 15:03      1127744      ----a-w-      c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLUPDR]
2010-06-01 15:03      566680      ----a-w-      c:\program files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59      421160      ----a-w-      c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17      421888      ----a-w-      c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-06-22 18:21      1044480      ----a-w-      c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/29/2010 1:50 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/29/2010 1:50 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [5/3/2011 4:00 AM 802936]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/29/2010 1:50 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/29/2010 1:50 AM 116784]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/8/2005 7:46 PM 61440]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [10/23/2010 10:47 PM 226696]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/28/2010 10:30 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [9/3/2010 2:32 PM 91456]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/29/2010 1:50 AM 126392]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [7/24/2010 3:32 AM 2519040]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [1/11/2011 9:07 AM 431864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/16/2011 4:00 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110506.001\IDSXpx86.sys [5/7/2011 4:03 AM 341944]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [5/18/2010 4:54 PM 13408]
S0 cerc6;cerc6; [x]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [3/18/2011 11:25 AM 36624]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [3/18/2011 11:25 AM 46480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/15/2011 1:30 PM 16512]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [9/3/2010 2:32 PM 6016]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/3/2010 2:32 PM 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/3/2010 2:32 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [9/3/2010 2:32 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [9/3/2010 2:32 PM 9472]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper      REG_MULTI_SZ         getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll
DPF: iLO 2 Remote Console Applet - hxxps://10.1.52.54/dvc.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://xxxx.cpxinteractive.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: {BBAC0044-DAF5-4E63-A23A-AC110C8494C1} - hxxps://10.4.51.19/Applications/dellUI/OCX/DELLIDRACView_3.0_x86.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 00:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35726369
Run combofix again using this script.
 
1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:
------------------------------------------------------------------------

File::
c:\windows\system32\kbdnne.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{184E2CDF-045B-50C0-7EB4-279B720066B7}]

------------------------------------------------------------------------
3. Save the above as CFScript.txt in the same location as Combofix.exe.
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.
0
 

Author Comment

by:deklinm
ID: 35734394
I dragged the file and it starts and runs for a few seconds, then stops. No log appears when it's done.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 35735715
You could try uninstalling ComboFix, then re-installing, as follows:
Start > Run > then type "ComboFix /Uninstall" (with no quotes, and space between x and / )
Hit enter.  This will uninstall CF.

Then try a new download of ComboFix, and save to your Desktop, from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Ensure you disable any realtime Anti-virus, Anti-spyware, or Shields that you may have running before running it.
It may be necessary to rename ComboFix.exe again, before saving it to your desktop.

In case you need this one again >>
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35736003
It's not a good idea to uninstall ComboFix just to download another copy. For that purpose you only need to delete combofix.exe; do not run the Uninstall command. There's a huge difference between the two.

There is no ComboFix log in C:\? It is usually at C:\ComboFix.txt.

You can also just try running OTL again using the script below:

Run OTL
•Under the Custom Scans/Fixes box at the bottom, paste in the following
---------------------------------

:OTL
O2 - BHO: (Groove GFS Browser Helper) - {184E2CDF-045B-50C0-7EB4-279B720066B7} - C:\WINDOWS\system32\kbdnne.dll (OYKmeNfW BSomCS)

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

---------------------------------


•Then click the Run Fix button at the top
•Let the program run unhindered, reboot the PC when it is done

OR: You could try Avenger to delete that file and reg entry.


1. Please download The Avenger by Swandog46 to your Desktop.
http://swandog46.geekstogo.com/avenger.zip

   *Right Click on Avenger.zip to open the file
   *Extract avenger.exe to your desktop

2. Copy all the text between the lines below to your Clipboard by highlighting it and pressing (Ctrl+C): Make sure that the registry path is in one line and not cut-off.
---------------------------------------------

Files to delete:
c:\windows\system32\kbdnne.dll

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184E2CDF-045B-50C0-7EB4-279B720066B7}


---------------------------------------------

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt when you've done.
0
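The fixes above all target one Browser Helper Object whose DLL sits in system32 under an unrelated name. As an added example that is not part of this thread or of ComboFix, OTL or Avenger, the following PowerShell audit lists every BHO registered under the key quoted in the Avenger script, resolves each CLSID to its DLL, and reports whether that DLL carries a valid Authenticode signature. It is read-only and assumes PowerShell 2.0 or later run from an elevated prompt; the function name `Get-BhoAudit` is my own.

```powershell
# Added example, not the thread's own code or any tool's script.
# Enumerates IE Browser Helper Objects and checks the signature of each DLL.
# Read-only: it removes nothing, it only produces triage output.

$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoAudit {
    # Hypothetical helper name; returns one object per registered BHO.
    if (-not (Test-Path $bhoKey)) { return @() }

    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName   # e.g. {184E2CDF-045B-50C0-7EB4-279B720066B7}

        # The CLSID's InprocServer32 default value holds the DLL that IE loads.
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $inproc) {
            $dll = (Get-ItemProperty -Path $inproc).'(default)'
            if ($dll) {
                # Paths may be quoted or use %SystemRoot%-style variables.
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            }
        }

        $status = 'NoDllPath'
        $signer = $null
        if ($dll -and (Test-Path $dll)) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            $status = $sig.Status.ToString()      # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        } elseif ($dll) {
            $status = 'DllMissing'
        }

        New-Object PSObject -Property @{
            CLSID           = $clsid
            Dll             = $dll
            SignatureStatus = $status
            Signer          = $signer
            # Unsigned or tampered code loaded into every IE process deserves a look.
            Unsigned        = ($status -ne 'Valid')
        }
    }
}

# Show the questionable entries first.
Get-BhoAudit | Sort-Object Unsigned -Descending |
    Format-Table CLSID, SignatureStatus, Dll, Signer -AutoSize
```

Unsigned does not by itself mean malicious: the Lotus Organizer helper in this machine's OTL log is unsigned too, so treat the list as triage input, and compare any unfamiliar DLL against the O2 lines in the OTL log before acting on it.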
 

Author Comment

by:deklinm
ID: 35750250
I re-ran OTL with the additional code. The log is below:

OTL logfile created on: 5/12/2011 4:37:11 PM - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\deklin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 406.86 Gb Free Space | 43.68% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 880.81 Gb Free Space | 94.56% Space Free | Partition Type: NTFS
Drive T: | 2746.14 Gb Total Space | 1725.19 Gb Free Space | 62.82% Space Free | Partition Type: NTFS
 
Computer Name: IWC | User Name: deklin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/05/09 13:46:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deklin\Desktop\OTL.exe
PRC - [2011/01/11 09:12:19 | 000,518,392 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011/01/11 09:07:27 | 000,431,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/07/02 14:25:48 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2010/07/02 14:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/06/01 11:03:24 | 000,226,696 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/12/01 12:43:26 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2009/12/01 12:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 12:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/10/16 11:58:52 | 000,116,016 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2009/03/21 18:51:38 | 000,576,176 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/08 19:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [1999/09/15 00:23:00 | 000,229,432 | ---- | M] (Lotus Development Corporation) -- C:\lotus\organize\easyclip6.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/05/09 13:46:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deklin\Desktop\OTL.exe
MOD - [2010/12/08 14:11:40 | 000,202,112 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIhook.000.dll
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2009/03/17 20:27:32 | 000,047,792 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusionHookx86.dll
MOD - [2008/04/14 03:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/14 03:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2008/04/14 03:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/14 03:00:00 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2008/04/14 03:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 03:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/14 03:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetmib1.dll
MOD - [2008/04/14 03:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 03:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmpapi.dll
MOD - [2008/04/14 03:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 03:00:00 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rassapi.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2011/01/11 09:07:27 | 000,431,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/24 13:11:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/06/01 11:03:24 | 000,226,696 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/12/01 12:43:26 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2009/12/01 12:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/01 12:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/16 11:58:52 | 000,116,016 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2005/03/08 19:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2011/05/10 04:00:10 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 04:00:10 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 04:00:10 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110511.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 04:00:09 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110511.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110511.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/01/11 08:54:07 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2011/01/11 08:53:51 | 000,046,480 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2011/01/11 08:53:51 | 000,036,624 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/07/24 03:20:42 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/18 16:54:50 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/09/18 16:32:06 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/04/10 12:32:34 | 003,006,976 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2003/04/24 15:21:50 | 000,006,025 | R--- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/07/24 15:21:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/07/24 03:20:51 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2011/05/10 00:07:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {184E2CDF-045B-50C0-7EB4-279B720066B7} - C:\WINDOWS\system32\kbdnne.dll (OYKmeNfW BSomCS)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - c:\lotus\organize\iehelper.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AnyConnect SMC] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
O4 - Startup: C:\Documents and Settings\deklin\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://xxxx.cpxinteractive.com/CACHE/stc/3/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279954359687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {BBAC0044-DAF5-4E63-A23A-AC110C8494C1} https://10.4.51.19/Applications/dellUI/OCX/DELLIDRACView_3.0_x86.cab (DELL IDRAC AVCView_3.0_x86)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cpxsupport.webex.com/client/T27LC/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: iLO 2 Remote Console Applet https://10.1.52.54/dvc.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\deklin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deklin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/24 02:27:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/05/11 22:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\PortQryUI
[2011/05/10 20:46:51 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/10 20:33:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/10 20:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\ComboFix
[2011/05/09 23:59:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/09 23:59:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/09 23:59:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/09 23:59:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/09 23:59:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/09 23:58:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/09 23:47:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/09 13:46:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deklin\Desktop\OTL.exe
[2011/05/09 13:44:19 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\deklin\Desktop\tdsskiller.exe
[2011/05/05 18:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\Emily Seiman
[2011/05/04 11:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\Cable Pics
[2011/04/29 13:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/29 13:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/29 13:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/27 22:25:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1000
[2011/04/21 12:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2011/04/21 12:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/04/21 11:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/04/21 11:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/21 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/04/21 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/04/21 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/04/21 11:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/04/21 11:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/04/21 11:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/04/21 11:55:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/04/21 11:54:32 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/04/21 11:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\Professional Plus
[2011/04/20 23:27:59 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2011/04/20 23:08:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1046
[2011/04/20 16:27:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/04/20 16:22:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/04/16 16:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotus SmartSuite
[2011/04/16 16:34:45 | 000,000,000 | ---D | C] -- C:\lotus
[2011/04/16 03:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/04/15 16:01:55 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/04/15 16:01:55 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/04/15 14:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Local Settings\Application Data\Microsoft Help
[2011/04/15 14:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/04/15 14:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free FLAC to MP3 Converter
[2011/04/15 14:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLAC to MP3 Converter
[2011/04/15 14:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deklin\Desktop\Lotus Files
[2011/04/15 13:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Converter Plus
[2011/04/15 13:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Converter Plus
[2011/04/15 13:42:50 | 000,000,000 | ---D | C] -- C:\ConverterOutput
[2011/04/15 13:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cucusoft Video Converter
[2011/04/15 13:41:34 | 000,364,544 | ---- | C] (Cucusoft Inc.) -- C:\WINDOWS\System32\cdg.dll
[2011/04/15 13:41:34 | 000,114,688 | ---- | C] (Cucusoft Inc.) -- C:\WINDOWS\System32\PropListCtrl.ocx
[2011/04/15 13:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/15 13:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\FLAC to MP3 Converter
[2011/04/15 13:30:01 | 000,022,528 | ---- | C] (Jukka Poikolainen Software) -- C:\WINDOWS\System32\WNASPI32.DLL
[2011/04/15 13:30:01 | 000,016,512 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/05/12 10:56:59 | 000,002,044 | -H-- | M] () -- C:\Documents and Settings\deklin\My Documents\Default.rdp
[2011/05/11 20:25:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/10 20:25:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/10 20:04:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/10 00:07:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/09 13:46:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deklin\Desktop\OTL.exe
[2011/05/09 13:44:27 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\deklin\Desktop\tdsskiller.exe
[2011/05/08 13:28:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 02:26:00 | 000,399,742 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\SKonica Col11042811111.pdf
[2011/04/29 13:45:39 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\deklin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/29 13:45:39 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\Spybot - Search & Destroy.lnk
[2011/04/29 13:41:45 | 001,879,603 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\mov2.mpg
[2011/04/29 13:19:59 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\applicationformembership.url
[2011/04/23 12:37:34 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\deklin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 03:21:38 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/21 12:03:56 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\deklin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/04/21 12:03:38 | 000,002,046 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\Microsoft Outlook 2010.lnk
[2011/04/21 03:20:38 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/21 03:20:38 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/18 03:02:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/16 16:35:14 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
[2011/04/15 14:32:36 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free FLAC to MP3 Converter.lnk
[2011/04/15 13:46:25 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\Audio Converter Plus.lnk
[2011/04/15 13:41:39 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\deklin\Desktop\Cucusoft Ultimate DVD + Video Converter Suite.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/05/09 23:59:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/09 23:59:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/09 23:59:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/09 23:59:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/09 23:59:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/08 13:28:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/08 02:26:00 | 000,399,742 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\SKonica Col11042811111.pdf
[2011/04/29 13:45:39 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\deklin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/29 13:45:39 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Spybot - Search & Destroy.lnk
[2011/04/29 13:41:44 | 001,879,603 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\mov2.mpg
[2011/04/29 13:19:59 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\applicationformembership.url
[2011/04/21 12:03:56 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\deklin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/04/21 12:03:38 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Microsoft Outlook 2010.lnk
[2011/04/19 00:05:34 | 002,993,446 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Gregg.jpg
[2011/04/16 16:35:14 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
[2011/04/15 14:32:36 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free FLAC to MP3 Converter.lnk
[2011/04/15 14:06:07 | 000,071,734 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\untitled.bmp
[2011/04/15 13:46:25 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Audio Converter Plus.lnk
[2011/04/15 13:41:39 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\deklin\Desktop\Cucusoft Ultimate DVD + Video Converter Suite.lnk
[2011/04/15 13:41:38 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2011/04/15 13:41:38 | 002,174,976 | ---- | C] () -- C:\WINDOWS\System32\ffdshow.ax
[2011/04/15 13:41:38 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2011/04/15 13:41:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/04/15 13:41:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/04/15 13:41:38 | 000,034,820 | ---- | C] () -- C:\WINDOWS\System32\ffdshow.reg
[2011/04/15 13:41:34 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\vampd.ax
[2011/04/15 13:41:34 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2011/04/15 13:41:34 | 000,014,909 | ---- | C] () -- C:\WINDOWS\System32\A_reg.reg
[2011/01/09 03:16:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/24 14:55:41 | 000,038,438 | ---- | C] () -- C:\Documents and Settings\deklin\Application Data\Comma Separated Values (Windows).ADR
[2010/07/25 00:11:28 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\deklin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 13:32:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/07/24 13:18:01 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/07/24 13:17:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/07/24 13:17:26 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/24 13:17:26 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/07/24 13:17:26 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/07/24 13:17:26 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/07/24 13:17:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/07/24 03:12:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/24 02:43:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/24 02:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/24 02:26:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/23 22:23:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/23 22:22:47 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/04/14 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 03:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 03:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2005/04/15 07:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 07:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1998/01/13 00:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< :OTL >[/color]
 
[color=#A23BEC]< O2 - BHO: (Groove GFS Browser Helper) - {184E2CDF-045B-50C0-7EB4-279B720066B7} - C:\WINDOWS\system32\kbdnne.dll (OYKmeNfW BSomCS) >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< :Files >[/color]
 
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]< :Commands >[/color]
 
[color=#A23BEC]< [purity] >[/color]
 
[color=#A23BEC]< [emptytemp] >[/color]
 
[color=#A23BEC]< [EMPTYFLASH] >[/color]
 
[color=#A23BEC]< [Reboot] >[/color]
 
[color=#A23BEC]<  >[/color]

< End of report >
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 35751702
OTL didn't do anything to the file and reg entry, still showing in the log.

Can you try Avenger?
0
 

Author Comment

by:deklinm
ID: 35762528
I ran Avenger. Below is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\kbdnne.dll" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184E2CDF-045B-50C0-7EB4-279B720066B7}" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
0
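A defender reading the OTL log above would notice that the rogue entry borrowed the display name of the real Groove GFS Browser Helper but used a different CLSID, pointed at a DLL in System32 (kbdnne.dll) and carried a meaningless company string, while every legitimate BHO in the log lived under Program Files with a named publisher. The following PowerShell is an added example for checking that pattern and confirming the Avenger cleanup; it is not code from the thread or from OTL, Avenger or any other tool named here. The CLSID and DLL path are the ones OTL reported; the System32/signature heuristic and the rest of the layout are assumptions about a standard Windows install, and it is written to stay within PowerShell 2.0 so it can run on an XP box like the one in the question.

```powershell
# Added example (not from the thread): list IE Browser Helper Objects and flag
# the ones a responder should look at, then verify the rogue one is gone.
# Run from an elevated PowerShell prompt.

$BhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoReport {
    if (-not (Test-Path $BhoRoot)) { return @() }
    foreach ($key in Get-ChildItem $BhoRoot) {
        $clsid  = $key.PSChildName
        # The CLSID registration tells us which DLL IE will actually load.
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path $server) {
            $dll = (Get-ItemProperty -Path $server).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        }
        $exists    = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $status    = 'NoFile'
        $publisher = ''
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -FilePath $dll
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $publisher = $sig.SignerCertificate.Subject }
        }
        # Heuristic (assumption): a BHO whose DLL is missing, unsigned, or parked
        # in System32 deserves a closer look. The rogue entry in this thread
        # matched two of those three.
        $inSystem32 = [bool]($dll -and ($dll -like (Join-Path $env:SystemRoot 'system32\*')))
        $suspicious = (-not $exists) -or $inSystem32 -or ($status -ne 'Valid')
        New-Object PSObject -Property @{
            CLSID      = $clsid
            Dll        = $dll
            FileExists = $exists
            Signature  = $status
            Publisher  = $publisher
            Suspicious = $suspicious
        }
    }
}

# Values taken from the OTL log earlier in this thread.
$RogueClsid = '{184E2CDF-045B-50C0-7EB4-279B720066B7}'
$RogueDll   = Join-Path $env:SystemRoot 'system32\kbdnne.dll'

function Test-RogueBhoRemoved {
    # Avenger reported deleting the BHO registration and the file; the CLSID
    # registration under HKLM\SOFTWARE\Classes is checked as well, since a
    # leftover one is harmless but worth cleaning.
    $bhoKey   = Join-Path $BhoRoot $RogueClsid
    $clsidKey = "HKLM:\SOFTWARE\Classes\CLSID\$RogueClsid"
    $left = @()
    if (Test-Path $bhoKey)                { $left += $bhoKey }
    if (Test-Path $clsidKey)              { $left += $clsidKey }
    if (Test-Path -LiteralPath $RogueDll) { $left += $RogueDll }
    if ($left.Count -eq 0) { 'Rogue BHO not present.' }
    else { $left | ForEach-Object { "Still present: $_" } }
}

Get-BhoReport | Sort-Object Suspicious -Descending |
    Format-Table CLSID, Signature, Suspicious, Publisher, Dll -AutoSize
Test-RogueBhoRemoved
```

The signature check is the part worth keeping around after this incident: the Symantec, Spybot and Microsoft BHOs in the log all have a company name because their DLLs are signed, and a BHO that fails `Get-AuthenticodeSignature` is the quickest single signal to sort by when a search redirect shows up and the AV scan comes back clean.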
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 35762551
Does the PC still get redirected?
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 35762685
I am pretty sure you have a modified version of the skynet rootkit. This is one of the rootkits we have been studying lately. I wouldn't be surprised if this turns out positive. You need to run this specific rootkit scanner, as this one should pick it up. http://sites.google.com/site/rootrepeal/
0
