EasyScan virus

  1. #1
    CameronTs, Junior Member

    EasyScan virus

    I recently got this EasyScan virus.
    And most of the time I'd just reboot my computer in Safe Mode, open up MBAM and simply fix this problem.
    But when I tried to reboot it went straight to BSOD.
    I tried opening it up in safe mode... BSOD
    Recent working setting.. BSOD

    Nothing seems to be working and I can't fix it, help please :/

  2. #2
    broni, Senior Member
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    =========================================================================================

    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

  3. #3
    CameronTs, Junior Member
    Yes, I need some time. I'm still trying to get a blank disc. I'll update you.

  4. #4
    broni, Senior Member
    No problem
    Thanks for the update

  5. #5
    CameronTs, Junior Member
    OTL. LOG
    OTL logfile created on: 1/3/2011 4:28:04 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.44 Gb Total Space | 8.92 Gb Free Space | 11.99% Space Free | Partition Type: NTFS
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/28 13:29:53 | 001,175,556 | ---- | M] (NCH Software) [Auto] -- C:\Program Files\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
    SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/08 11:08:46 | 003,494,124 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/10/22 07:48:58 | 001,862,144 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/04/04 15:42:20 | 000,057,344 | ---- | M] (Avid Technology, Inc.) [Auto] -- C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe -- (FastTrackInstallerService)
    SRV - [2006/03/01 12:44:38 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
    SRV - [2005/12/02 10:20:46 | 000,049,152 | ---- | M] (M-Audio) [Auto] -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe -- (MAudioUSBService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | Unavailable] -- -- (sstE45)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MA763010.sys -- (MA763010)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\l6dp.sys -- (L6DP)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\GPWADrv.sys -- (GPWADrv) Service for L6 GuitarPort Driver (WDM)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/01/06 1700 | 000,594,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2009/02/08 12:27:39 | 000,031,104 | ---- | M] (Nemesis) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MA763003.sys -- (ma763003)
    DRV - [2009/02/08 12:27:39 | 000,022,336 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbnp4x4.sys -- (USBNP4X4)
    DRV - [2009/02/08 12:27:39 | 000,013,056 | ---- | M] (Nemesis) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MADFU003.sys -- (MADFU003)
    DRV - [2008/11/28 17:13:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008/10/01 11:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2007/03/05 15:13:32 | 005,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/12/08 23:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
    DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/16 11:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
    DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/07/21 1126 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2006/05/25 12:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/19 08:41:08 | 000,143,872 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/12/13 11:39:54 | 000,102,528 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mausb.sys -- (MAUSB) Service for M-Audio Fast Track Pro Driver (WDM)
    DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/04 05:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2003/11/26 10:14:20 | 000,280,192 | R--- | M] (Midiman/M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/04/09 03:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\NSynas32.sys -- (Nsynas32)
    DRV - [2000/01/08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = Dell Start Page
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Start Page
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = Dell
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Start Page
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Dell Search Page
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
    IE - HKU\eric_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
    IE - HKU\eric_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    IE - HKU\eric_ON_C\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
    IE - HKU\eric_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643




    FF - HKLM\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2010/05/30 21:41:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~1\Crawler\Toolbar\firefox\ [2010/07/18 18:23:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/18 01:03:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 15:28:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2010/07/17 13:42:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2010/07/24 14:33:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/12/10 13:41:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/12/10 13:41:36 | 000,000,000 | ---D | M]

    [2010/11/17 15:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

    O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll (America Online, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (SporTV Toolbar) - {A298ED31-D405-40E2-880F-B7511948E582} - C:\Program Files\SporTV\tbSpo0.dll (Conduit Ltd.)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O4 - HKLM..\Run: [BroadCam] C:\Program Files\NCH Software\BroadCam\broadcam.exe (NCH Software)
    O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe (Kmaestro)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [DeltTray] C:\WINDOWS\System32\delttray.exe (Doug Fetter Software Wizardry)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [JAMktV3] C:\Program Files\JAM KT v3\JAMktv3.exe File not found
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
    O4 - HKU\eric_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\eric_ON_C..\Run: [MBXhgpUmtvtD.exe] C:\Documents and Settings\All Users\Application Data\MBXhgpUmtvtD.exe (msql software)
    O4 - HKU\eric_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\eric_ON_C..\Run: [qTkEmDZEjq] C:\Documents and Settings\All Users\Application Data\qTkEmDZEjq.exe (mdisk Corp)
    O4 - HKU\eric_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\eric_ON_C..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKU\eric_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK = File not found
    O4 - Startup: C:\Documents and Settings\eric\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\eric_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.jp/3drender/r...b.2007.4.4.cab (MabinogiWebAvatarRenderer Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/12/04 17:09:07 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/05/27 14:54:12 | 000,002,360 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/01 15:19:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sstE45.sys
    [2010/12/23 15:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\font
    [2010/12/23 13:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_37
    [2010/12/23 13:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_31
    [2010/12/23 12:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\d3dx9_33
    [2010/12/22 0247 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\Vindictus
    [2010/12/21 01:03:07 | 004,502,408 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\eric\My Documents\avg_isct_stb_all_2011_1170_free.exe
    [2010/12/19 13:24:15 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Documents and Settings\eric\Desktop\gimp-2.6.11-i686-setup-1.exe
    [2010/08/17 00:32:11 | 000,533,408 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.UI.dll
    [2010/08/17 00:32:08 | 000,266,240 | ---- | C] (MySQL AB) -- C:\Documents and Settings\eric\MySql.Data.dll
    [2010/08/17 00:32:04 | 001,270,688 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.Grid.dll
    [2010/08/17 00:31:56 | 000,516,096 | ---- | C] (Xceed Software Inc.) -- C:\Documents and Settings\eric\Xceed.Editors.dll
    [87 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/01 15:22:05 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\Easy Scan.lnk
    [2011/01/01 15:19:31 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sstE45.sys
    [2011/01/01 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/01/01 14:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/01 14:39:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-594646345-1494692193-2182967409-1005UA.job
    [2010/12/31 23:05:02 | 004,947,414 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\Never Seen Your Face Melvin Williams.mp3
    [2010/12/31 23:02:17 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2010/12/31 20:39:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-594646345-1494692193-2182967409-1005Core.job
    [2010/12/31 10:53:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/30 16:50:25 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/29 1500 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/26 13:58:33 | 000,573,951 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\1219102154.jpg
    [2010/12/25 20:20:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/24 22:29:51 | 000,000,056 | ---- | M] () -- C:\WINDOWS\kgt2k.INI
    [2010/12/24 16:18:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/24 16:18:37 | 2145,017,856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/23 15:50:31 | 000,205,833 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\font.zip
    [2010/12/23 12:52:21 | 001,116,326 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_31.zip
    [2010/12/23 12:46:22 | 001,716,794 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_37.zip
    [2010/12/23 12:25:14 | 001,596,799 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\d3dx9_33.zip
    [2010/12/22 03:16:09 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\eric\jagex_runescape_preferences2.dat
    [2010/12/22 03:16:08 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\eric\jagex_runescape_preferences.dat
    [2010/12/21 01:09:46 | 004,502,408 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\eric\My Documents\avg_isct_stb_all_2011_1170_free.exe
    [2010/12/19 19:53:42 | 000,001,430 | ---- | M] () -- C:\WINDOWS\_isenv31.ini
    [2010/12/19 19:53:42 | 000,000,521 | ---- | M] () -- C:\WINDOWS\_iserr31.ini
    [2010/12/19 19:53:42 | 000,000,256 | ---- | M] () -- C:\WINDOWS\_delis32.ini
    [2010/12/19 13:29:22 | 000,004,448 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\panthericon.png
    [2010/12/19 13:29:22 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\eric\.recently-used.xbel
    [2010/12/19 13:26:57 | 000,003,896 | ---- | M] () -- C:\Documents and Settings\eric\My Documents\blackpantherj.png
    [2010/12/19 13:24:28 | 020,367,424 | ---- | M] (The GIMP Team ) -- C:\Documents and Settings\eric\Desktop\gimp-2.6.11-i686-setup-1.exe
    [2010/12/12 07:45:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\pixillionShakeIcon.job
    [2010/12/12 07:45:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2010/12/12 07:45:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2010/12/08 09:03:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/04 17:09:07 | 000,000,053 | RHS- | M] () -- C:\autorun.inf
    [87 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/01 15:22:05 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\Easy Scan.lnk
    [2010/12/31 23:04:51 | 004,947,414 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\Never Seen Your Face Melvin Williams.mp3
    [2010/12/31 23:02:16 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2010/12/26 13:58:33 | 000,573,951 | ---- | C] () -- C:\Documents and Settings\eric\Desktop\1219102154.jpg
    [2010/12/24 00:12:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
    [2010/12/23 15:48:57 | 000,205,833 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\font.zip
    [2010/12/23 12:52:15 | 001,116,326 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_31.zip
    [2010/12/23 12:46:21 | 001,716,794 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_37.zip
    [2010/12/23 12:25:12 | 001,596,799 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\d3dx9_33.zip
    [2010/12/19 19:53:42 | 000,001,430 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
    [2010/12/19 19:53:42 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
    [2010/12/19 19:53:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2010/12/19 18:57:58 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\T-RackS 24.lnk
    [2010/12/19 13:29:22 | 000,004,448 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\panthericon.png
    [2010/12/19 13:29:22 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\eric\.recently-used.xbel
    [2010/12/19 13:26:56 | 000,003,896 | ---- | C] () -- C:\Documents and Settings\eric\My Documents\blackpantherj.png
    [2010/12/06 07:45:32 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\pixillionShakeIcon.job
    [2010/12/06 07:45:20 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2010/12/06 07:45:18 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
    [2010/11/23 02:49:17 | 000,065,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/11/17 15:23:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/07/24 09:50:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\d392.sys
    [2010/06/19 23:16:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\eric\jagex__preferences3.dat
    [2009/12/29 21:35:56 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/12/29 21:35:56 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/29 21:35:56 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
    [2009/12/29 21:35:56 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2009/12/29 21:35:56 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/12/29 21:35:56 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2009/12/29 21:35:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/12/29 21:35:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/12/29 21:35:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2009/12/29 21:35:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2009/12/29 21:35:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2009/12/29 21:35:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2009/12/29 21:35:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/12/29 21:35:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
    [2009/12/29 21:35:56 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2009/12/29 21:35:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2009/12/29 21:35:56 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2009/12/29 21:35:56 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2009/12/29 21:35:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/09/29 11:01:30 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\eric\jagex_runescape_preferences2.dat
    [2009/09/29 11:00:26 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\eric\jagex_runescape_preferences.dat
    [2009/08/10 05:39:16 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
    [2009/01/06 08:41:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2008/11/28 17:24:36 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
    [2008/06/29 11:08:38 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/15 23:02:06 | 000,000,216 | ---- | C] () -- C:\WINDOWS\DIGIP12.INI
    [2008/06/08 06:49:27 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\eric\SysInfo.txt
    [2008/06/06 19:41:38 | 000,520,267 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
    [2007/10/22 07:50:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/10/22 07:48:05 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2007/10/22 07:48:05 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/10/22 07:29:33 | 000,001,123 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 17:00:36 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
    [2004/08/11 17:00:30 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/01/04 23:42:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

    ========== LOP Check ==========

    [2008/06/27 01:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DSound
    [2008/06/27 06:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Steinberg
    [2011/01/01 04:23:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\eric\Application Data\.#
    [2010/11/25 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\.doomseeker
    [2010/05/28 12:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Ableton
    [2010/06/10 22:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\acccore
    [2010/08/20 18:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Antares
    [2010/11/06 0957 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Blender Foundation
    [2009/01/11 02:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Cakewalk
    [2010/11/24 13:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\CocoonSoftware
    [2008/11/28 17:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\DAEMON Tools
    [2009/01/31 20:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\DSound
    [2010/12/19 13:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\gtk-2.0
    [2010/05/30 21:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Inbox Toolbar
    [2010/08/06 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Jasc
    [2010/12/30 16:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\LimeWire
    [2010/08/17 00:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\LPECommon
    [2010/10/02 15:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Meltdown
    [2010/07/29 22:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\netmarble
    [2010/08/13 11:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Nexon
    [2010/07/29 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Opera
    [2010/08/21 10:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PACE Anti-Piracy
    [2010/08/29 21:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PalaceChat 3
    [2010/08/10 16:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\PriceGong
    [2010/11/16 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Publish Providers
    [2010/06/13 00:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\SiteRanker
    [2010/11/16 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Sony
    [2008/06/07 07:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Steinberg
    [2010/12/01 23:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Teeworlds
    [2009/09/26 20:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Tibia
    [2010/07/25 0802 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\Unity
    [2011/01/01 15:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\eric\Application Data\uTorrent
    [2010/12/12 07:45:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
    [2010/12/12 07:45:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
    [2010/12/31 23:02:17 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
    [2011/01/01 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2010/12/12 07:45:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/08/11 23:10:39 | 000,000,000 | ---D | M](C:\Documents and Settings\eric\My Documents\?? ???) -- C:\Documents and Settings\eric\My Documents\넥슨 플러그
    [2010/08/11 23:10:39 | 000,000,000 | ---D | C](C:\Documents and Settings\eric\My Documents\?? ???) -- C:\Documents and Settings\eric\My Documents\넥슨 플러그

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1088 bytes -> C:\Program Files\Common Files\Microsoft Shared:g5eqUJyNNE2L8EmILr6ONJ0mc
    < End of report >
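Added example, not part of the original posts and not OTL's own logic: a small parser for the file-listing lines of the report above that raises review flags for a human to check. The three rules, the 7-day window and the allowlist are assumptions chosen for illustration; the sample lines are copied from the report.

```python
import re
from datetime import datetime, timedelta

# One file-listing line: [date time | size | attrs | C or M] (company) -- path
# The time field is matched loosely because some timestamps in the posted
# log were mangled by the forum (e.g. "0247").
ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\S+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]\s*"
    r"(?:\((?P<company>[^)]*)\))?\s*-- (?P<path>.+)$"
)

# Assumption: OS files that normally carry hidden+system attributes.
EXPECTED_HIDDEN = {"hiberfil.sys", "pagefile.sys"}

# Sample input: lines copied from the report above.
SAMPLE = r"""
[2011/01/01 15:19:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sstE45.sys
[2010/12/19 13:24:15 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Documents and Settings\eric\Desktop\gimp-2.6.11-i686-setup-1.exe
[2010/12/04 17:09:07 | 000,000,053 | RHS- | M] () -- C:\autorun.inf
[2011/01/01 04:23:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\eric\Application Data\.#
[2010/12/22 0247 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\My Documents\Vindictus
[2010/12/24 16:18:37 | 2145,017,856 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/11 17:00:36 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[87 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""


def parse_entries(text):
    """Return one dict per file-listing line; summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["date"] = datetime.strptime(e["date"], "%Y/%m/%d")
        e["company"] = (e["company"] or "").strip()
        entries.append(e)
    return entries


def triage(text, window_days=7):
    """Return [(path, [reasons])] for entries that deserve a closer look."""
    entries = parse_entries(text)
    if not entries:
        return []
    # Use the newest date in the log as "now": the scan ran offline from a boot CD.
    newest = max(e["date"] for e in entries)
    findings = []
    for e in entries:
        path = e["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        reasons = []
        # Rule 1: a driver file created shortly before the scan.
        if (e["kind"] == "C" and "\\system32\\drivers\\" in path
                and name.endswith(".sys")
                and newest - e["date"] <= timedelta(days=window_days)):
            reasons.append("recent_driver")
        # Rule 2: hidden+system attributes on something that is not a known OS file.
        if "H" in e["attrs"] and "S" in e["attrs"] and name not in EXPECTED_HIDDEN:
            reasons.append("hidden_system")
        # Rule 3: autorun.inf in the root of a drive.
        if re.fullmatch(r"[a-z]:\\autorun\.inf", path):
            reasons.append("root_autorun")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(", ".join(reasons), "->", path)
```

A flag here is a prompt to look at the item, not a verdict; the company field in particular is read from the file itself and proves nothing about who made it.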

  6. #6
    broni is offline Senior Member
    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - File not found [Kernel | Unavailable] -- -- (sstE45)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | System] -- -- (Changer)
    IE - HKU\eric_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKU\eric_ON_C\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [JAMktV3] C:\Program Files\JAMKT v3\JAMktv3.exe File not found
    O4 - HKU\eric_ON_C..\Run: [MBXhgpUmtvtD.exe] C:\Documents and Settings\All Users\Application Data\MBXhgpUmtvtD.exe (msql software)
    O4 - HKU\eric_ON_C..\Run: [qTkEmDZEjq] C:\Documents and Settings\All Users\Application Data\qTkEmDZEjq.exe (mdisk Corp)
    O4 - HKU\eric_ON_C..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK = File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/01/01 15:19:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sstE45.sys
    [87 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/01/01 15:22:05 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\eric\Desktop\Easy Scan.lnk
    [2011/01/01 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/12/24 00:12:02 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
    [2010/12/19 19:53:42 | 000,001,430 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
    [2010/12/19 19:53:42 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
    [2010/12/19 19:53:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2010/07/24 09:50:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\d392.sys
    [2011/01/01 04:23:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\eric\Application Data\.#
    [2011/01/01 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    @Alternate Data Stream - 1088 bytes -> C:\Program Files\Common Files\Microsoft Shared:g5eqUJyNNE2L8EmILr6ONJ0mc
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Ask.com
    
    
    :Commands
    [purity]
    [emptytemp]

    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.

      • (The content of Fix.txt should appear in the box)

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.

  7. #7
    CameronTs is offline Junior Member
    The Log

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sstE45 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EagleNT deleted successfully.
    File C:\WINDOWS\System32\drivers\EagleNT.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Changer deleted successfully.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\JAMktV3 deleted successfully.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MBXhgpUmtvtD.exe deleted successfully.
    C:\Documents and Settings\All Users\Application Data\MBXhgpUmtvtD.exe moved successfully.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\qTkEmDZEjq deleted successfully.
    C:\Documents and Settings\All Users\Application Data\qTkEmDZEjq.exe moved successfully.
    Registry value HKEY_USERS\eric_ON_C\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\eric_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\system32\drivers\sstE45.sys moved successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET108.tmp deleted successfully.
    C:\WINDOWS\System32\SET192.tmp deleted successfully.
    C:\WINDOWS\System32\SET196.tmp deleted successfully.
    C:\WINDOWS\System32\SET19A.tmp deleted successfully.
    C:\WINDOWS\System32\SET19E.tmp deleted successfully.
    C:\WINDOWS\System32\SET19F.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A0.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A5.tmp deleted successfully.
    C:\WINDOWS\System32\SET1A9.tmp deleted successfully.
    C:\WINDOWS\System32\SET1AD.tmp deleted successfully.
    C:\WINDOWS\System32\SET1B.tmp deleted successfully.
    C:\WINDOWS\System32\SET21.tmp deleted successfully.
    C:\WINDOWS\System32\SET243.tmp deleted successfully.
    C:\WINDOWS\System32\SET247.tmp deleted successfully.
    C:\WINDOWS\System32\SET24B.tmp deleted successfully.
    C:\WINDOWS\System32\SET24F.tmp deleted successfully.
    C:\WINDOWS\System32\SET250.tmp deleted successfully.
    C:\WINDOWS\System32\SET251.tmp deleted successfully.
    C:\WINDOWS\System32\SET256.tmp deleted successfully.
    C:\WINDOWS\System32\SET25B.tmp deleted successfully.
    C:\WINDOWS\System32\SET281.tmp deleted successfully.
    C:\WINDOWS\System32\SET2A.tmp deleted successfully.
    C:\WINDOWS\System32\SET2B.tmp deleted successfully.
    C:\WINDOWS\System32\SET2C.tmp deleted successfully.
    C:\WINDOWS\System32\SET2D.tmp deleted successfully.
    C:\WINDOWS\System32\SET2EB.tmp deleted successfully.
    C:\WINDOWS\System32\SET2EF.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F3.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F7.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F8.tmp deleted successfully.
    C:\WINDOWS\System32\SET2F9.tmp deleted successfully.
    C:\WINDOWS\System32\SET2FE.tmp deleted successfully.
    C:\WINDOWS\System32\SET302.tmp deleted successfully.
    C:\WINDOWS\System32\SET306.tmp deleted successfully.
    C:\WINDOWS\System32\SET37B.tmp deleted successfully.
    C:\WINDOWS\System32\SET37F.tmp deleted successfully.
    C:\WINDOWS\System32\SET383.tmp deleted successfully.
    C:\WINDOWS\System32\SET387.tmp deleted successfully.
    C:\WINDOWS\System32\SET388.tmp deleted successfully.
    C:\WINDOWS\System32\SET389.tmp deleted successfully.
    C:\WINDOWS\System32\SET38E.tmp deleted successfully.
    C:\WINDOWS\System32\SET392.tmp deleted successfully.
    C:\WINDOWS\System32\SET396.tmp deleted successfully.
    C:\WINDOWS\System32\SET3DD.tmp deleted successfully.
    C:\WINDOWS\System32\SET3DE.tmp deleted successfully.
    C:\WINDOWS\System32\SET3DF.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E0.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E1.tmp deleted successfully.
    C:\WINDOWS\System32\SET3E2.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FD.tmp deleted successfully.
    C:\WINDOWS\System32\SET3FF.tmp deleted successfully.
    C:\WINDOWS\System32\SET400.tmp deleted successfully.
    C:\WINDOWS\System32\SET401.tmp deleted successfully.
    C:\WINDOWS\System32\SET402.tmp deleted successfully.
    C:\WINDOWS\System32\SET403.tmp deleted successfully.
    C:\WINDOWS\System32\SET404.tmp deleted successfully.
    C:\WINDOWS\System32\SET405.tmp deleted successfully.
    C:\WINDOWS\System32\SET406.tmp deleted successfully.
    C:\WINDOWS\System32\SET407.tmp deleted successfully.
    C:\WINDOWS\System32\SET408.tmp deleted successfully.
    C:\WINDOWS\System32\SET409.tmp deleted successfully.
    C:\WINDOWS\System32\SET40A.tmp deleted successfully.
    C:\WINDOWS\System32\SET40B.tmp deleted successfully.
    C:\WINDOWS\System32\SET40C.tmp deleted successfully.
    C:\WINDOWS\System32\SET40D.tmp deleted successfully.
    C:\WINDOWS\System32\SET43B.tmp deleted successfully.
    C:\WINDOWS\System32\SET45E.tmp deleted successfully.
    C:\WINDOWS\System32\SET466.tmp deleted successfully.
    C:\WINDOWS\System32\SET467.tmp deleted successfully.
    C:\WINDOWS\System32\SET468.tmp deleted successfully.
    C:\WINDOWS\System32\SET46D.tmp deleted successfully.
    C:\WINDOWS\System32\SET475.tmp deleted successfully.
    C:\WINDOWS\System32\SET4E.tmp deleted successfully.
    C:\WINDOWS\System32\SET54.tmp deleted successfully.
    C:\WINDOWS\System32\SET5C.tmp deleted successfully.
    C:\WINDOWS\System32\SET703.tmp deleted successfully.
    C:\WINDOWS\System32\SET7C.tmp deleted successfully.
    C:\WINDOWS\System32\SET88.tmp deleted successfully.
    C:\WINDOWS\System32\SET8F.tmp deleted successfully.
    C:\WINDOWS\System32\SET9.tmp deleted successfully.
    C:\WINDOWS\System32\SET90.tmp deleted successfully.
    C:\WINDOWS\System32\SET92.tmp deleted successfully.
    C:\WINDOWS\System32\SET93.tmp deleted successfully.
    C:\WINDOWS\System32\SET98.tmp deleted successfully.
    C:\WINDOWS\System32\SETA0.tmp deleted successfully.
    C:\WINDOWS\System32\SETA2.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET1A1.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET252.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET2FA.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET30.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET38A.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET469.tmp deleted successfully.
    C:\WINDOWS\System32\drivers\SET40E.tmp deleted successfully.
    C:\WINDOWS\System32\drivers\sstE45.tmp deleted successfully.
    C:\WINDOWS\~GLC0000.TMP deleted successfully.
    C:\WINDOWS\~GLH0000.TMP deleted successfully.
    C:\Documents and Settings\eric\Desktop\Easy Scan.lnk moved successfully.
    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
    C:\WINDOWS\kgt2k.INI moved successfully.
    C:\WINDOWS\_isenv31.ini moved successfully.
    C:\WINDOWS\_iserr31.ini moved successfully.
    C:\WINDOWS\_delis32.ini moved successfully.
    C:\WINDOWS\d392.sys moved successfully.
    C:\Documents and Settings\eric\Application Data\.# folder moved successfully.
    File C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job not found.
    ADS C:\Program Files\Common Files\Microsoft Shared:g5eqUJyNNE2L8EmILr6ONJ0mc deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========
    Error: Unable to interpret <[emptytemp]Open Notepad and paste it.> in the current context!
    Error: Unable to interpret <Save the document as Fix.txt on to a USB flash drive> in the current context!

    OTLPE by OldTimer - Version 3.1.43.0 log created on 01032011_175620
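Added example, not part of the original posts and not a tool from OTL's author: the two "Unable to interpret" errors at the end of the log above come from forum instructions that were pasted into Fix.txt along with the script, and this linter catches that kind of copy damage before a fix is run. The section names and the `[word]` command form are inferred only from the script in post #6, and the split-key-name check (forum software can insert a space into long unbroken strings) is an assumption; the sample is constructed from that script and deliberately damaged.

```python
import re

# Section headers seen in the fix script in post #6 (assumed to be the full set
# for this example; OTL may accept others).
SECTIONS = {":otl", ":services", ":reg", ":files", ":commands"}

COMMAND = re.compile(r"^\[\w+\]$")             # e.g. [purity], [emptytemp]
COMMAND_PREFIX = re.compile(r"^\[\w+\]\s*\S")  # a command with text glued on

# Key names that never contain a space; a space inside one means the line
# was wrapped or re-flowed somewhere between the forum and Notepad.
SPLIT_SENSITIVE = ("CurrentVersion",)

# Constructed sample: an abbreviated copy of the script with typical copy damage.
DAMAGED = r""":OTL
IE - HKU\eric_ON_C\Software\Microsoft\Windows\CurrentVe rsion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O4 - HKLM..\Run: [JAMktV3] C:\Program Files\JAMKT v3\JAMktv3.exe File not found

:Files
C:\Program Files\Ask.com

:Commands
[purity]
[emptytemp]Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive
"""


def lint_fix_script(text):
    """Return [(line_number, problem, detail)] for a fix script."""
    problems = []
    section = None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            if line.lower() in SECTIONS:
                section = line.lower()
            else:
                problems.append((number, "unknown_section", line))
            continue
        if section is None:
            # Text before the first header, e.g. a copied "Code:" label.
            problems.append((number, "outside_section", line))
            continue
        if section == ":commands":
            if COMMAND.match(line):
                continue
            if COMMAND_PREFIX.match(line):
                # Missing line break: prose ran on after the last command.
                problems.append((number, "trailing_text", line))
            else:
                problems.append((number, "not_a_command", line))
            continue
        for name in SPLIT_SENSITIVE:
            if name not in line and name in line.replace(" ", ""):
                problems.append((number, "split_key_name", name))
    return problems


if __name__ == "__main__":
    for number, problem, detail in lint_fix_script(DAMAGED):
        print(f"line {number}: {problem}: {detail}")
```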

  8. #8
    CameronTs is offline Junior Member
    And booting it into normal windows didn't work.

  9. #9
    broni is offline Senior Member
    Tried safe mode?

    If so, reboot to OTLPE again, run another scan and post new log.

  10. #10
    CameronTs is offline Junior Member
    Tried safe mode and I'm running a scan at the moment now.

Closed Thread