Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ekm.exe Virus? [Closed]

Started by Shirleyj , Mar 24 2010 06:09 PM

  • This topic is locked This topic is locked

#1
Shirleyj
Posted 24 March 2010 - 06:09 PM

Shirleyj

    New Member

  • Member
  • Pip
  • 9 posts
Hi
My Computer has been running very slowly lately ad when I check the TaskManager this program(?) seems to be taking up all the available room.
This is my Hijack-this Log, can someone tell me if I have a problem and how to fix it?
I have read the ekm.exe is a virus on some websites and on others it doesn't seem to be sure.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:45 PM, on 3/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.co...rsun/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Nuance PDF Converter 5-reminder] "C:\Program Files\Nuance\PDF Converter 5\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance\PDF Converter 5\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Converter 5\cnvres_eng.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://design-concep...yerAX_Win32.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} (ilhtrapp Object) - http://dvrlink.net/w....2_32.0.0.0.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1221182324906
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...ivex-latest.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b7235fed5ee0) (gupdate1c9b7235fed5ee0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11688 bytes
  • 0

Advertisements

#2
mpascal
Posted 26 March 2010 - 03:24 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi Shirleyj,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Please follow the instructions found in the Malware and Spyware Cleaning Guide, and post back with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log
If you find you can't do one of the steps listed, simply make note of it and move on to the next one.
  • 0

#3
Shirleyj
Posted 26 March 2010 - 09:02 PM

Shirleyj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Mpascal
Thanks for taking the time to help.
MBAM scan
Malwarebytes' Anti-Malware 1.44
Database version: 3919
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/26/2010 7:52:48 PM
mbam-log-2010-03-26 (19-52-48).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 265191
Time elapsed: 3 hour(s), 0 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-26 19:57:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SHIRLE~2\LOCALS~1\Temp\fwxirpod.sys


---- System - GMER 1.0.15 ----

SSDT 83D4F8A0 ZwAssignProcessToJobObject
SSDT 83D4ECB0 ZwOpenProcess
SSDT 83D4F0D0 ZwOpenThread
SSDT 83D4F6D0 ZwSuspendProcess
SSDT 83D4F4F0 ZwSuspendThread
SSDT 83D4EEE0 ZwTerminateProcess
SSDT 83D4F310 ZwTerminateThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs ED427400

---- Threads - GMER 1.0.15 ----

Thread System [4:380] 83D4D930

---- EOF - GMER 1.0.15 ----

OTL txt did an Extras txt did not open
OTL txt

OTL logfile created on: 3/26/2010 5:52:39 PM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Shirley Jeboult\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 103.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 884 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 36.91 Gb Free Space | 49.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHIRLEY-4F4F324
Current User Name: Shirley Jeboult
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/26 16:51:36 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley Jeboult\Desktop\OTL.exe
PRC - [2010/02/12 06:21:01 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\My Documents\FTA\gmer\gmer.exe
PRC - [2009/04/09 16:19:08 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/04/09 16:17:56 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 17:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/04 05:54:09 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/10 15:19:02 | 001,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/03/06 13:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006/02/07 01:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2005/07/15 14:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2005/02/16 17:15:22 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/02/16 17:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/02/16 17:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/03/26 16:51:36 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley Jeboult\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/12 06:21:01 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/04/09 16:29:20 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/04/09 16:19:08 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/13 17:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007/02/10 15:19:02 | 001,174,664 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcrcoms.exe -- (lxcr_device)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.co...rsun/index.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search Powered by Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.5.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.2
FF - prefs.js..extensions.enabledItems: {0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}:5.9.907.30519
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/13 17:22:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/06 15:30:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/23 13:47:05 | 000,000,000 | ---D | M]

[2008/06/27 18:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Extensions
[2010/03/26 16:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions
[2009/09/19 13:39:30 | 000,000,000 | ---D | M] (Google Gadget Plugin) -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}
[2009/07/28 05:40:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 17:01:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/25 05:44:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009/06/27 15:19:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(3)
[2008/06/21 10:45:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2008/06/21 10:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2009/12/21 18:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\[email protected]
[2009/12/03 17:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\[email protected]
[2009/07/25 15:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\[email protected]
[2010/02/06 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\extensions\[email protected]
[2009/10/21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\Application Data\Mozilla\Firefox\Profiles\yz9ifol6.default\searchplugins\conduit.xml
[2010/03/26 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/10 17:06:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/02/10 17:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]

O1 HOSTS File: ([2007/09/23 13:34:35 | 000,183,622 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 www.wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 www.gueb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 www.kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 127.0.0.1 www.blue-elefant.com
O1 - Hosts: 6526 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [Nuance PDF Converter 5-reminder] C:\Program Files\Nuance\PDF Converter 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - C:\Program Files\Nuance\PDF Converter 5\cnvres_eng.dll ()
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concep...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Value error.)
O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} http://dvrlink.net/w....2_32.0.0.0.cab (ilhtrapp Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (Reg Error: Value error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1221182324906 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...ivex-latest.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.18 64.59.144.19
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Shirley Jeboult\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shirley Jeboult\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/11 08:07:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/27 12:45:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/26 16:50:57 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shirley Jeboult\Desktop\OTL.exe
[2010/03/26 16:48:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/26 16:48:20 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/24 16:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/15 17:13:37 | 001,030,144 | ---- | C] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.2.9.exe
[2010/03/15 17:13:36 | 000,432,640 | ---- | C] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.2.9.scr
[2010/03/15 17:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.2.9
[2007/06/16 12:24:03 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[2007/06/16 12:24:02 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2007/06/16 12:18:55 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2007/06/16 12:18:55 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2007/06/16 12:18:54 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2007/06/16 12:18:54 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2007/06/16 12:18:54 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2007/06/16 12:18:50 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2007/06/16 12:18:50 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[2007/01/16 19:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/01/16 19:37:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/02/19 04:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2005/06/11 08:12:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/06/11 08:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/03/26 17:12:13 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\Scans.doc
[2010/03/26 17:07:54 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/26 17:07:51 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/26 17:03:20 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\Microsoft Office Word 2003.lnk
[2010/03/26 16:51:36 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley Jeboult\Desktop\OTL.exe
[2010/03/26 16:49:31 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\Shortcut to gmer.lnk
[2010/03/26 16:48:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/26 01:49:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/03/25 21:07:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/25 18:41:24 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\Microsoft Office Excel 2003.lnk
[2010/03/25 00:00:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoCare.job
[2010/03/24 17:28:09 | 000,138,470 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\My Documents\garagesale_RegistrationForm_2010.pdf
[2010/03/24 16:50:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\HijackThis.lnk
[2010/03/23 17:22:50 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\Microsoft Office Outlook 2003.lnk
[2010/03/22 20:57:43 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2509D42B-1E14-4D99-818D-13422020B622}.job
[2010/03/22 08:00:00 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/03/21 22:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/03/21 20:22:40 | 000,013,764 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/21 20:22:10 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/03/21 20:22:09 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\SpeedOptimizer Startup.job
[2010/03/21 20:22:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/21 20:22:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/21 20:22:01 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/21 20:07:18 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\ntuser.dat
[2010/03/21 20:07:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Shirley Jeboult\ntuser.ini
[2010/03/21 20:06:19 | 008,574,262 | -H-- | M] () -- C:\Documents and Settings\Shirley Jeboult\Local Settings\Application Data\IconCache.db
[2010/03/15 17:13:44 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\MyDefrag.lnk
[2010/03/14 16:48:52 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\Shirley Jeboult\My Documents\Cat Quotes.doc
[2010/03/14 16:10:05 | 000,452,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 16:10:05 | 000,076,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 16:10:04 | 000,539,228 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 16:09:35 | 000,001,214 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/14 16:09:35 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/14 16:09:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

========== Files Created - No Company Name ==========

[2010/03/26 17:11:57 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\Scans.doc
[2010/03/26 16:49:31 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\Shortcut to gmer.lnk
[2010/03/26 16:48:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/24 17:28:09 | 000,138,470 | ---- | C] () -- C:\Documents and Settings\Shirley Jeboult\My Documents\garagesale_RegistrationForm_2010.pdf
[2010/03/24 16:50:11 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Shirley Jeboult\Desktop\HijackThis.lnk
[2010/03/15 17:13:44 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\MyDefrag.lnk
[2010/03/14 16:47:36 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\Shirley Jeboult\My Documents\Cat Quotes.doc
[2009/10/31 15:59:01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Shirley Jeboult\Local Settings\Application Data\housecall.guid.cache
[2009/06/15 17:48:26 | 000,000,230 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/05/19 06:05:14 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2009/01/18 18:12:48 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/11/11 13:11:51 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008/11/11 13:11:51 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2008/04/13 07:02:04 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
[2007/12/24 15:52:26 | 000,000,059 | ---- | C] () -- C:\WINDOWS\SvSoftkey.INI
[2007/07/02 17:06:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/06/16 12:24:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2007/06/16 12:23:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2007/06/16 12:23:03 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2007/06/16 12:23:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2007/06/16 12:23:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2007/06/16 12:22:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/06/16 12:22:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/06/16 12:18:56 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2007/03/31 16:38:15 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/11 09:17:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2007/02/11 09:06:28 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Shirley Jeboult\Local Settings\Application Data\fusioncache.dat
[2007/02/10 17:58:03 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Shirley Jeboult\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/10 17:02:12 | 000,000,083 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2007/02/10 13:17:50 | 000,003,026 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/02/10 13:17:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/02/10 10:25:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/10 09:34:48 | 000,027,651 | ---- | C] () -- C:\WINDOWS\System32\2kincp3.dll
[2006/02/28 05:00:00 | 000,031,745 | ---- | C] () -- C:\WINDOWS\System32\hhkncp3.dll
[2006/02/28 05:00:00 | 000,027,650 | ---- | C] () -- C:\WINDOWS\System32\su2kuni.dll
[2006/02/28 05:00:00 | 000,026,626 | ---- | C] () -- C:\WINDOWS\System32\knvep32.dll
[2006/02/28 05:00:00 | 000,026,625 | ---- | C] () -- C:\WINDOWS\System32\cpmeg32.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2009/01/18 18:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMMON FILES
[2008/09/20 09:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
[2009/04/11 13:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\fssg
[2009/02/22 08:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance
[2010/01/23 13:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Panda Security
[2009/09/19 13:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Panda Software
[2009/02/22 09:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
[2007/09/08 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SMSI
[2009/04/14 18:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedBit(2)
[2009/04/14 18:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedBit(3)
[2009/01/31 12:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SQL Anywhere 10
[2009/06/23 18:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/02/21 15:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\zeon
[2009/04/16 18:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/09/02 15:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/20 09:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\ESET
[2008/04/12 12:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\GrabIt
[2009/04/11 13:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\HouseCall 6.6
[2010/02/07 16:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Image Zone Express
[2009/11/11 07:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\IObit
[2009/02/15 08:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\OpenOffice.org
[2007/09/03 06:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Printer Info Cache
[2009/06/20 15:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\ScanSoft
[2009/04/14 18:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\SpeedBit(2)
[2009/03/21 08:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Uniblue
[2007/07/02 16:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\URSoft
[2010/03/21 20:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\uTorrent
[2009/02/21 15:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shirley Jeboult\Application Data\Zeon
[2010/03/25 00:00:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoCare.job
[2010/03/21 20:22:10 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2010/03/26 01:49:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2010/03/22 08:00:00 | 000,000,526 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2010/03/21 22:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/03/21 20:22:09 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedOptimizer Startup.job
[2010/03/22 20:57:43 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2509D42B-1E14-4D99-818D-13422020B622}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/01/31 19:11:09 | 000,000,000 | ---- | M] () -- C:\dotnetfx.exe


< MD5 for: AGP440.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/13 23:48:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/13 23:48:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2006/02/28 05:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/13 23:48:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/13 23:48:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/27 04:15:49 | 001,310,720 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/01/13 16:58:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/01/27 04:15:49 | 029,884,416 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/01/27 04:15:50 | 004,194,304 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CD060F93
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C4252FE0
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CB0AACC9
< End of report >
Thanks again.
  • 0

#4
mpascal
Posted 27 March 2010 - 12:20 AM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi Shirleyj,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
[2007/02/10 09:34:48 | 000,027,651 | ---- | C] () -- C:\WINDOWS\System32\2kincp3.dll
[2006/02/28 05:00:00 | 000,031,745 | ---- | C] () -- C:\WINDOWS\System32\hhkncp3.dll
[2006/02/28 05:00:00 | 000,027,650 | ---- | C] () -- C:\WINDOWS\System32\su2kuni.dll
[2006/02/28 05:00:00 | 000,026,626 | ---- | C] () -- C:\WINDOWS\System32\knvep32.dll
[2006/02/28 05:00:00 | 000,026,625 | ---- | C] () -- C:\WINDOWS\System32\cpmeg32.dll


:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

  • 0

#5
Shirleyj
Posted 27 March 2010 - 07:27 PM

Shirleyj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Second
Malwarebytes' Anti-Malware 1.44
Database version: 3921
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/27/2010 8:00:25 AM
mbam-log-2010-03-27 (08-00-24).txt

Scan type: Quick Scan
Objects scanned: 182201
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky scan
Came up totally blank after 5 hours of scanning.
Here it is but it is blank.
  • 0

#6
mpascal
Posted 28 March 2010 - 02:29 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
There doesn't appear to be any malware problems on your machine. Are you sure that it wasn't ekrn.exe taking up all your CPU? That is part of your anti-virus program.
  • 0

#7
mpascal
Posted 14 April 2010 - 12:39 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP