vista security 2011

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
←
1
2
3

You cannot start a new topic
This topic is locked

vista security 2011

#31 M Moore

Member

Group: Members
Posts: 21
Joined: 27-March 11

Posted 29 March 2011 - 07:03 PM

As far as I can tell computer is now running fine with no issues or problems.

if there are no additional cleaning steps - are there program(s) you would recommend I could specifically run to ensure virus doesn't return? I'm thinking if for next while I ran dds, tdsskiller, and purchased paid version of Malwarebytes software I could be fairly confident of avoiding a resurgence - make sense?

Mike

***** OTL RESULTS Follow *****
OTL logfile created on: 29/03/2011 7:51:52 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mike\Desktop\playing
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 916.46 Gb Total Space | 398.19 Gb Free Space | 43.45% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.43 Gb Free Space | 29.54% Space Free | Partition Type: NTFS
Drive L: | 89.83 Gb Total Space | 47.84 Gb Free Space | 53.25% Space Free | Partition Type: NTFS

Computer Name: MMOOREXPS2008 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/27 12:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\playing\OTL.scr
PRC - [2011/02/16 16:41:40 | 000,967,168 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/01/20 22:12:22 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/01/04 22:58:02 | 000,397,312 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/04 22:57:32 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/11/12 23:49:36 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/09/20 20:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2010/09/20 20:25:04 | 000,913,552 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/15 08:58:08 | 001,611,264 | ---- | M] (Copernic Inc.) -- C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/08 08:47:20 | 000,073,728 | ---- | M] (r2 studios) -- C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe
PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/11/06 00:39:45 | 002,816,520 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2008/11/06 00:21:41 | 001,548,296 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2008/11/06 00:21:13 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/28 19:46:36 | 000,321,000 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndasmgmt.exe
PRC - [2008/06/28 19:46:32 | 000,275,944 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndassvc.exe
PRC - [2008/06/08 10:24:18 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/12 04:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 04:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/23 15:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/08/22 01:39:12 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM05Mon.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/04/24 18:45:32 | 003,446,512 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/09/28 12:19:34 | 000,126,976 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\SaiMfd.exe
PRC - [2006/09/05 10:12:58 | 000,184,320 | ---- | M] (Saitek) -- C:\Program Files\Saitek\Software\ProfilerU.exe

========== Modules (SafeList) ==========

MOD - [2011/03/27 12:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\playing\OTL.scr
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007/04/24 18:25:46 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/01/20 22:12:22 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/01/15 11:22:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/04 22:57:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/09/20 20:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/06 18:24:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/11/18 17:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/28 19:46:32 | 000,275,944 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2008/06/08 10:24:18 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/04/28 17:05:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/14 14:25:22 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/12/14 14:25:20 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/12/14 14:25:12 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/12 04:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

========== Driver Services (SafeList) ==========

DRV - [2011/01/04 23:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011/01/04 23:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/04 22:19:18 | 000,235,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 08:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/11/08 17:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/07/03 09:00:48 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/03 09:00:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/07/03 09:00:48 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 05:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/02/26 21:33:20 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/11/12 17:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/12 10:59:19 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/09/12 10:59:18 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/10/15 19:30:34 | 000,023,432 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV - [2008/06/28 19:47:28 | 000,511,592 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ndasrofs.sys -- (ndasrofs)
DRV - [2008/06/28 19:47:06 | 000,268,008 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\ndasfat.sys -- (ndasfat)
DRV - [2008/06/28 19:46:56 | 000,308,840 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\ndasfs.sys -- (ndasfs)
DRV - [2008/06/28 19:46:54 | 000,297,320 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Stopped] -- C:\Windows\system32\DRIVERS\lfsfilt.sys -- (lfsfilt)
DRV - [2008/06/28 19:46:00 | 000,362,600 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndasscsi.sys -- (ndasscsi)
DRV - [2008/06/28 19:45:58 | 000,135,400 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndasbus.sys -- (ndasbus)
DRV - [2008/06/28 19:45:56 | 000,098,536 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lpx.sys -- (lpx)
DRV - [2008/03/13 09:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 09:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008/01/24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008/01/24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008/01/24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007/11/20 03:18:48 | 001,034,496 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/09/12 04:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/09/12 04:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/22 01:39:20 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/08/22 01:39:18 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/08/22 01:39:04 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/01/24 16:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/09/28 05:57:42 | 000,035,072 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2006/09/28 05:57:38 | 000,013,824 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006/09/13 07:31:50 | 000,192,000 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0762.sys -- (SaiH0762)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.1

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/23 16:57:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/26 18:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/03/26 18:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/17 09:42:21 | 000,000,000 | ---D | M] (ReminderFox) -- C:\USERS\MIKE\APPDATA\ROAMING\THUNDERBIRD\PROFILES\7M7W4464.DEFAULT\EXTENSIONS\{ADA4B710-8346-4B82-8199-5DE2B400A6AE}

O1 HOSTS File: ([2011/03/27 13:22:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000318.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios)
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe (Copernic Inc.)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://otter1.vanaqua.org/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 15:00:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/03/27 15:00:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/27 15:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/27 15:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/27 15:00:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/27 15:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/27 14:51:11 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/03/27 13:21:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/27 12:12:30 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/27 11:23:49 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/03/27 07:27:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\playing
[2011/03/19 18:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RetireWare
[2011/03/19 18:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\RetireWare
[2011/03/19 14:28:48 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/03/17 15:37:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Chromium
[2011/03/09 08:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/03/09 08:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011/03/08 21:12:59 | 000,035,072 | ---- | C] (Saitek) -- C:\Windows\System32\drivers\SaiBus.sys
[2011/03/08 21:12:59 | 000,013,824 | ---- | C] (Saitek) -- C:\Windows\System32\drivers\SaiMini.sys
[2011/03/08 21:12:32 | 000,057,344 | ---- | C] (Saitek) -- C:\Windows\System32\SAIGON.dll
[2011/03/08 21:12:32 | 000,045,056 | ---- | C] (Saitek) -- C:\Windows\System32\SAIKICK.dll
[2011/03/08 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saitek Programming Software
[2011/03/08 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Saitek
[2011/03/08 21:07:55 | 000,192,000 | ---- | C] (Saitek) -- C:\Windows\System32\drivers\SaiH0762.sys
[2011/03/06 15:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YUPLAY
[2011/02/28 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2011/03/29 19:06:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/29 18:58:27 | 000,669,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/29 18:58:27 | 000,132,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/29 18:54:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/03/29 18:51:15 | 000,002,585 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/03/29 18:51:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/29 18:51:02 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/03/29 18:51:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/29 18:51:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/29 18:50:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/29 18:50:53 | 3485,405,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/27 15:00:05 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/27 14:48:09 | 004,303,726 | ---- | M] () -- C:\Users\Mike\Desktop\SweetTech.exe
[2011/03/27 14:43:50 | 004,303,726 | ---- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/03/27 13:22:01 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/27 09:16:12 | 000,001,356 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2011/03/27 07:33:48 | 206,836,046 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/19 18:07:50 | 000,001,631 | ---- | M] () -- C:\Users\Public\Desktop\RetireWare.lnk
[2011/03/17 08:13:10 | 000,000,215 | ---- | M] () -- C:\Users\Mike\Desktop\Total War SHOGUN 2.url
[2011/03/16 20:29:00 | 000,060,928 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/08 21:12:32 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Saitek SST Programming Software.lnk
[2011/03/08 21:11:34 | 000,004,704 | ---- | M] () -- C:\Windows\System32\SaiC0762-AD2CCA21-552D-48AD-AC6E-AB3D0FAC8A44.pr0
[2011/03/08 19:58:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2011/03/27 15:00:05 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/27 14:48:06 | 004,303,726 | ---- | C] () -- C:\Users\Mike\Desktop\SweetTech.exe
[2011/03/27 14:14:08 | 3485,405,184 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/27 13:41:08 | 004,303,726 | ---- | C] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/03/27 13:27:25 | 000,002,585 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2011/03/19 18:07:50 | 000,001,631 | ---- | C] () -- C:\Users\Public\Desktop\RetireWare.lnk
[2011/03/17 08:13:10 | 000,000,215 | ---- | C] () -- C:\Users\Mike\Desktop\Total War SHOGUN 2.url
[2011/03/08 21:12:32 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Saitek SST Programming Software.lnk
[2011/03/08 21:11:32 | 000,004,704 | ---- | C] () -- C:\Windows\System32\SaiC0762-AD2CCA21-552D-48AD-AC6E-AB3D0FAC8A44.pr0
[2011/03/08 21:07:55 | 000,921,600 | ---- | C] () -- C:\Windows\System32\SaiC0762.Dll
[2011/03/08 21:07:55 | 000,018,342 | ---- | C] () -- C:\Windows\System32\SaiD0762.pr0
[2011/03/08 21:07:55 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0762_0C.dll
[2011/03/08 21:07:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0762_10.dll
[2011/03/08 21:07:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0762_0A.dll
[2011/03/08 21:07:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0762_07.dll
[2011/03/08 21:07:55 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0762_09.dll
[2011/03/08 21:07:55 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0762_0402.dll
[2011/03/08 21:07:55 | 000,005,120 | ---- | C] () -- C:\Windows\System32\SaiC0762_11.dll
[2011/03/08 21:07:55 | 000,000,306 | ---- | C] () -- C:\Windows\System32\SaiC0762.pr0
[2011/03/08 19:58:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf
[2011/02/12 17:19:54 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/12/15 15:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/10/27 18:13:58 | 000,226,857 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/03 07:10:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/30 19:10:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/30 17:59:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/06 21:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/02/21 00:40:08 | 000,001,356 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2009/12/28 13:13:29 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/17 21:09:45 | 000,000,116 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/21 19:58:16 | 000,000,188 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/10/31 16:16:05 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/10/31 16:16:05 | 000,022,328 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\PnkBstrK.sys
[2009/10/31 16:15:46 | 000,674,600 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/31 16:15:46 | 000,215,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/10/31 16:15:46 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/10/18 14:34:43 | 000,000,092 | ---- | C] () -- C:\Users\Mike\AppData\Local\fusioncache.dat
[2009/09/12 10:59:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/09/12 10:59:18 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/19 20:51:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/19 20:51:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/16 07:51:47 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/07 22:25:04 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\rx_image32.Cache
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/30 16:24:55 | 000,116,841 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/02/18 10:34:30 | 000,003,102 | ---- | C] () -- C:\Windows\Gs.ini
[2008/10/14 07:05:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/10 18:20:13 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/10/10 18:20:13 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/09/13 20:06:24 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/06/08 10:24:18 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2008/06/08 10:24:18 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2008/05/16 14:35:55 | 000,129,900 | ---- | C] () -- C:\Windows\hppins21.dat
[2008/05/04 12:02:48 | 000,000,191 | ---- | C] () -- C:\Windows\WinHelp.ini
[2008/05/02 17:30:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/02 09:22:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/01 17:06:56 | 000,060,928 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/29 00:20:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2008/04/29 00:20:15 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/04/28 16:48:38 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/04/28 16:40:44 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/04/28 16:39:54 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2007/03/13 07:05:14 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,351,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,669,028 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,132,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/21 19:48:38 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Bioshock2
[2010/09/11 17:17:52 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\bppenu11
[2009/06/05 18:24:11 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Braid
[2009/08/08 10:44:31 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Canon
[2010/03/29 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Code Force Limited
[2010/12/29 16:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2009/02/07 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Copernic
[2008/05/16 23:45:45 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DataSafeOnline
[2010/01/09 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GARMIN
[2008/05/04 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GlarySoft
[2008/08/31 08:07:52 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\GRSoftware
[2010/03/19 08:52:43 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Icehole
[2008/10/13 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Image Zone Express
[2008/05/03 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\My Games
[2010/03/13 11:18:51 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Neat
[2010/03/13 11:18:46 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Nuance
[2008/10/13 14:09:23 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\OpenOffice.org
[2008/08/27 14:10:25 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Palo Alto Software
[2008/10/13 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Printer Info Cache
[2009/07/26 11:12:15 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\r2 Studios
[2009/05/02 10:57:28 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Research In Motion
[2009/12/17 21:22:44 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ScanSoft
[2008/09/18 16:09:46 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\SPORE
[2011/03/17 12:25:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\The Creative Assembly
[2010/03/26 18:50:01 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Thunderbird
[2009/06/15 21:51:06 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\tmp
[2010/05/22 17:01:44 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Tropico 3
[2010/02/26 21:36:39 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TrueCrypt
[2009/10/18 14:34:46 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Turbine
[2009/09/12 10:59:48 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Ubisoft
[2011/03/29 18:51:02 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/03/29 07:47:02 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-25 11:30:35

< >

< >

< >

< >

< End of report >

#32 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 29 March 2011 - 07:09 PM

Mike,

Quote

if there are no additional cleaning steps - are there program(s) you would recommend I could specifically run to ensure virus doesn't return? I'm thinking if for next while I ran dds, tdsskiller, and purchased paid version of Malwarebytes software I could be fairly confident of avoiding a resurgence - make sense?

You're logs appear to be clean. We do have some additional clean-up procedures that we need to do to remove the tools we used, but before we do that why don't we go ahead and hold off on doing those steps for right now. I'd like to have you do what you normally do with your computer for a couple of days, and in a couple of days post back and we can proceed with the clean-up procedure or explore other options to see why you keep on getting re-infected.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#33 M Moore

Member

Group: Members
Posts: 21
Joined: 27-March 11

Posted 30 March 2011 - 01:43 PM

OK - will update thread Sunday evening after having used computer through weekend.

#34 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 30 March 2011 - 01:47 PM

#35 M Moore

Member

Group: Members
Posts: 21
Joined: 27-March 11

Posted 03 April 2011 - 07:25 PM

Have been using since last post normally and other than following minor problems has been working fine.

Have run dss a few times and no unexpected new files, or mention of rootkit
Have run tsskiller a couple of times and nothing has been found

**** minor problems ****
While installing update for Adobe reader:
Error 1310. Error writing to file c:\config.msi\pfbed6.tmp verify you have access to that directory
Note: Directory referenced in this message did not exist.

SuperAntispyware program reported
broken file association with registry key HKCR\.exe (Had program correct this)

#36 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 03 April 2011 - 07:27 PM

Were you able to eventually update Adobe Reader?

#37 M Moore

Member

Group: Members
Posts: 21
Joined: 27-March 11

Posted 04 April 2011 - 10:52 AM

Even with error message appeared to complete - and hasn't tried to auto update since then (but I didn't take any action to specifically try and manually update it either).

#38 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 04 April 2011 - 01:34 PM

I am not too worried about that error message. You should be good now. We just need to clean-up our tools.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#39 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 06 April 2011 - 09:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.