How do I know if I select 32-bit or 64-bit?
Google Redirects and default browser going back to IE
#17
Posted 07 June 2011 - 07:35 AM
You're running a 32-bit operating system.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#18
Posted 07 June 2011 - 09:20 PM
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\JJ Abulencia\Application Data\Sun\Java\Deployment\cache\6.0\57\458317b9-4b4d7707 moved successfully.
C:\Documents and Settings\JJ Abulencia\Application Data\Sun\Java\Deployment\cache\6.0\20\60c48694-5c2622cd moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\JJ Abulencia\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JJ Abulencia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Alicia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 2988 bytes
User: All Users
User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Jessie Abulencia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6319198 bytes
->Java cache emptied: 50155344 bytes
->FireFox cache emptied: 2227931 bytes
->Flash cache emptied: 1215424 bytes
User: JJ Abulencia
->Temp folder emptied: 875766717 bytes
->Temporary Internet Files folder emptied: 6699315 bytes
->Java cache emptied: 75679663 bytes
->FireFox cache emptied: 9495261 bytes
->Google Chrome cache emptied: 114813360 bytes
->Flash cache emptied: 737623 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82188 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Roberto Abulencia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 781403 bytes
->Java cache emptied: 26954423 bytes
->Flash cache emptied: 17591 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 26129 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21679 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,117.00 mb
[EMPTYFLASH]
User: Administrator
User: Alicia
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: Jessie Abulencia
->Flash cache emptied: 0 bytes
User: JJ Abulencia
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: Roberto Abulencia
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.23.0 log created on 06072011_215750
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_22c.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_8c0.dat not found!
Registry entries deleted on Reboot...
OTL logfile created on: 6/7/2011 10:12:38 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\JJ Abulencia\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.42 Mb Total Physical Memory | 284.41 Mb Available Physical Memory | 29.67% Memory free
2.26 Gb Paging File | 1.50 Gb Available in Paging File | 66.58% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 148.94 Gb Free Space | 65.28% Space Free | Partition Type: NTFS
Computer Name: D18JR8C1 | User Name: JJ Abulencia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/05 19:46:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ Abulencia\Desktop\OTL.exe
PRC - [2011/05/30 20:03:01 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/10/17 22:44:15 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\My Documents\New Folder (2)\MouseFix.exe
PRC - [2009/02/06 14:17:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/07 04:37:49 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/09/13 18:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2007/01/22 22:19:26 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/15 14:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2006/09/26 17:37:14 | 000,303,104 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
PRC - [2006/08/15 03:38:14 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/25 19:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
========== Modules (SafeList) ==========
MOD - [2011/06/05 19:46:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ Abulencia\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2007/01/22 22:25:58 | 000,377,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCL40.DLL
MOD - [2005/11/17 04:33:00 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/06/02 17:26:42 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll -- (Akamai)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/07 04:37:49 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/09/13 18:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/01/16 14:52:26 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2007/01/16 12:25:28 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/15 14:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006/07/25 19:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 19:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/11/17 04:33:52 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/11/17 04:32:56 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/09/15 14:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20110312.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/06/05 18:09:14 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/15 16:20:37 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/04/15 16:20:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 04:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090926.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/25 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090926.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/01/05 19:35:28 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/10/03 12:15:21 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/10/01 15:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/01 15:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/10/01 15:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/10/01 15:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/10/01 15:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/10/01 15:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/12/16 17:30:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/12/16 17:28:13 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/15 03:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 07:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/17 04:33:52 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/11/17 04:32:56 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/11/17 04:32:56 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/05/07 06:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?o=101760&l=dis\r\n\r\n\r\n\r\n\r\n\r\n0"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.0
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/07 21:51:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/07 21:51:03 | 000,000,000 | ---D | M]
[2009/04/23 22:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Extensions
[2011/06/07 21:53:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Firefox\Profiles\9jw0gll9.default\extensions
[2009/09/04 18:26:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Firefox\Profiles\9jw0gll9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/01 19:33:08 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Firefox\Profiles\9jw0gll9.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/04 18:22:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Firefox\Profiles\9jw0gll9.default\searchplugins\ask.xml
[2011/06/07 21:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/09 23:06:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/07 21:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\{6DD0BDBA-0A02-429E-B595-87A7DFDCA7A1}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\{F701C26A-479A-4724-B4F1-870DB12F063C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\WEBMASTER@KEEP-TUBE.COM.XPI
[2011/06/07 21:10:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/07 21:10:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/06/07 21:58:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
O9 - Extra 'Tools' menuitem : UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adobe.com ([get] * in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} http://host.oddcast.com/hostClientIE.cab (hostCntrlIE Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx (CoxFastConnect20 Control)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\JJ Abulencia\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JJ Abulencia\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 16:52:37 | 000,000,094 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2011/06/07 21:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/06 19:12:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/06 15:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/06 15:41:34 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\JJ Abulencia\Desktop\esetsmartinstaller_enu.exe
[2011/06/06 15:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJ Abulencia\Application Data\Malwarebytes
[2011/06/06 15:27:16 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/06 15:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/06 15:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/06 15:27:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/06 15:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/06 15:25:38 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JJ Abulencia\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 15:16:14 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\JJ Abulencia\Desktop\mbam-clean.exe
[2011/06/05 20:43:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/05 20:43:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/05 20:43:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/05 20:43:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/05 20:39:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/05 20:39:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/05 20:39:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/05 20:39:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JJ Abulencia\Start Menu\Programs\Administrative Tools
[2011/06/05 20:38:05 | 004,112,084 | R--- | C] (Swearware) -- C:\Documents and Settings\JJ Abulencia\Desktop\ComboFix.exe
[2011/06/05 20:23:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/05 20:18:31 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JJ Abulencia\Desktop\aswMBR.exe
[2011/06/05 19:45:30 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JJ Abulencia\Desktop\OTL.exe
[2011/05/31 21:30:45 | 000,606,738 | ---- | C] (Swearware) -- C:\Documents and Settings\JJ Abulencia\Desktop\dds.scr
[2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JJ Abulencia\Desktop\TDSSKiller.exe
========== Files - Modified Within 30 Days ==========
[2011/06/07 22:18:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72F5E4BE-C413-4124-8A6C-DB8DF7501732}.job
[2011/06/07 22:12:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6EB14956-D744-4776-AC46-3D001E2D2161}.job
[2011/06/07 22:03:18 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/07 22:02:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 22:01:54 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 22:01:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 22:01:39 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 21:58:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/07 21:51:19 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/07 21:51:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/07 21:44:02 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 21:56:37 | 000,879,092 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\SecurityCheck.exe
[2011/06/06 15:41:38 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\JJ Abulencia\Desktop\esetsmartinstaller_enu.exe
[2011/06/06 15:27:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 15:26:20 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JJ Abulencia\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 15:16:09 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\JJ Abulencia\Desktop\mbam-clean.exe
[2011/06/05 20:38:02 | 004,112,084 | R--- | M] (Swearware) -- C:\Documents and Settings\JJ Abulencia\Desktop\ComboFix.exe
[2011/06/05 20:21:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\MBR.dat
[2011/06/05 20:18:29 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JJ Abulencia\Desktop\aswMBR.exe
[2011/06/05 20:08:08 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JJ Abulencia\Desktop\TDSSKiller.exe
[2011/06/05 20:07:16 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\tdsskiller.zip
[2011/06/05 19:46:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ Abulencia\Desktop\OTL.exe
[2011/06/05 19:41:34 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\RKUnhookerLE.EXE
[2011/05/31 21:30:40 | 000,606,738 | ---- | M] (Swearware) -- C:\Documents and Settings\JJ Abulencia\Desktop\dds.scr
[2011/05/31 21:29:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\Defogger.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/20 20:00:00 | 000,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Jessie Abulencia.job
[2011/05/19 17:06:27 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/05/19 17:06:26 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\A1808E4450.sys
[2011/05/18 22:18:41 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\Microsoft Office Word 2003.lnk
========== Files Created - No Company Name ==========
[2011/06/07 21:51:19 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/06 21:56:40 | 000,879,092 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\SecurityCheck.exe
[2011/06/06 15:27:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 20:43:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/05 20:43:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/05 20:43:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/05 20:43:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/05 20:43:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/05 20:20:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\MBR.dat
[2011/06/05 20:07:20 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\tdsskiller.zip
[2011/06/05 19:41:38 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\RKUnhookerLE.EXE
[2011/06/05 19:31:39 | 1005,047,808 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 21:29:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\Defogger.exe
[2010/11/02 22:21:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/01 20:39:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/07 14:36:17 | 000,032,524 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/17 22:16:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/18 23:51:59 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2008/08/12 15:36:59 | 000,138,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/12 15:36:46 | 000,189,472 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/08/12 15:36:36 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/08/12 15:21:35 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc[1].exe
[2008/08/01 18:39:09 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/21 23:27:30 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/15 20:16:21 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/06/15 20:16:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A1808E4450.sys
[2007/06/02 15:26:35 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/11 20:55:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Application Data\dvd.bmk
[2007/03/18 20:10:24 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/02/23 21:08:20 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/19 23:04:41 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/19 22:06:34 | 000,000,790 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/12/28 13:46:04 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\fusioncache.dat
[2006/12/16 17:42:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/16 17:32:25 | 000,000,326 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/16 17:27:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/16 17:26:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/16 17:02:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2006/12/16 17:02:33 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/12/16 17:02:33 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/12/16 17:02:33 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/12/16 17:02:32 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/12/16 17:02:32 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/12/16 17:02:32 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/12/16 17:02:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/12/16 17:02:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/16 17:02:31 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/12/16 17:02:31 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/12/16 17:02:31 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/16 17:01:22 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 002,056,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,443,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,072,296 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/04/11 20:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
========== LOP Check ==========
[2009/07/25 20:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/04/23 14:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/04/23 15:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2009/12/18 18:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/01/14 21:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/09/17 16:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/11/12 19:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/09/17 20:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/07/18 21:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/11/27 04:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2007/03/18 20:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/25 17:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TPS Business Invoices
[2009/07/25 20:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/18 00:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/14 11:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 19:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 00:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 00:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/17 23:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\BitDefender
[2010/07/08 19:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\BitTorrent
[2008/03/28 22:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\CopyTrans
[2008/03/28 22:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\CopyTransControlCenter
[2009/09/17 17:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\EmailNotifier
[2008/12/25 20:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\ooVoo Details
[2011/04/11 15:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\oovootb
[2009/04/23 23:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\vghd
[2007/03/30 17:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\Viewpoint
[2011/06/07 22:12:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6EB14956-D744-4776-AC46-3D001E2D2161}.job
[2011/06/07 22:18:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{72F5E4BE-C413-4124-8A6C-DB8DF7501732}.job
========== Purity Check ==========
========== Custom Scans ==========
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2004/09/01 12:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2004/09/01 12:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2004/09/01 12:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2004/09/01 12:56:34 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 19:47:50
< End of report >
OTL logfile created on: 6/7/2011 10:12:38 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\JJ Abulencia\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.42 Mb Total Physical Memory | 284.41 Mb Available Physical Memory | 29.67% Memory free
2.26 Gb Paging File | 1.50 Gb Available in Paging File | 66.58% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 148.94 Gb Free Space | 65.28% Space Free | Partition Type: NTFS
Computer Name: D18JR8C1 | User Name: JJ Abulencia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/05 19:46:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ Abulencia\Desktop\OTL.exe
PRC - [2011/05/30 20:03:01 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/10/17 22:44:15 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\My Documents\New Folder (2)\MouseFix.exe
PRC - [2009/02/06 14:17:38 | 003,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/07 04:37:49 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/09/13 18:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2007/01/22 22:19:26 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/15 14:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2006/09/26 17:37:14 | 000,303,104 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
PRC - [2006/08/15 03:38:14 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/25 19:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/10/05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
========== Modules (SafeList) ==========
MOD - [2011/06/05 19:46:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ Abulencia\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2007/01/22 22:25:58 | 000,377,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCL40.DLL
MOD - [2005/11/17 04:33:00 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/06/02 17:26:42 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll -- (Akamai)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/07 04:37:49 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/10/01 15:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/09/13 18:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2007/05/23 13:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/01/16 14:52:26 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2007/01/16 12:25:28 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/15 14:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006/07/25 19:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 19:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/11/17 04:33:52 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/11/17 04:32:56 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/09/15 14:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20110312.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/06/05 18:09:14 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/15 16:20:37 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/04/15 16:20:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 04:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090926.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/25 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090926.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/01/05 19:35:28 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/10/03 12:15:21 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/10/01 15:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/01 15:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/10/01 15:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/10/01 15:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/10/01 15:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/10/01 15:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/12/16 17:30:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/12/16 17:28:13 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/15 03:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 07:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/17 04:33:52 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/11/17 04:32:56 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/11/17 04:32:56 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/05/07 06:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?o=101760&l=dis\r\n\r\n\r\n\r\n\r\n\r\n0"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.0
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/07 21:51:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/07 21:51:03 | 000,000,000 | ---D | M]
[2009/04/23 22:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Extensions
[2011/06/07 21:53:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Firefox\Profiles\9jw0gll9.default\extensions
[2009/09/04 18:26:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Firefox\Profiles\9jw0gll9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/01 19:33:08 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Firefox\Profiles\9jw0gll9.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/04 18:22:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Application Data\Mozilla\Firefox\Profiles\9jw0gll9.default\searchplugins\ask.xml
[2011/06/07 21:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/09 23:06:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/07 21:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\{6DD0BDBA-0A02-429E-B595-87A7DFDCA7A1}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\{F701C26A-479A-4724-B4F1-870DB12F063C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JJ ABULENCIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9JW0GLL9.DEFAULT\EXTENSIONS\WEBMASTER@KEEP-TUBE.COM.XPI
[2011/06/07 21:10:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/07 21:10:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/06/07 21:58:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
O9 - Extra 'Tools' menuitem : UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adobe.com ([get] * in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} http://host.oddcast.com/hostClientIE.cab (hostCntrlIE Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx (CoxFastConnect20 Control)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\JJ Abulencia\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JJ Abulencia\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 16:52:37 | 000,000,094 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2011/06/07 21:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/06 19:12:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/06 15:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/06 15:41:34 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\JJ Abulencia\Desktop\esetsmartinstaller_enu.exe
[2011/06/06 15:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JJ Abulencia\Application Data\Malwarebytes
[2011/06/06 15:27:16 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/06 15:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/06 15:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/06 15:27:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/06 15:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/06 15:25:38 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JJ Abulencia\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 15:16:14 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\JJ Abulencia\Desktop\mbam-clean.exe
[2011/06/05 20:43:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/05 20:43:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/05 20:43:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/05 20:43:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/05 20:39:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/05 20:39:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/05 20:39:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/05 20:39:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JJ Abulencia\Start Menu\Programs\Administrative Tools
[2011/06/05 20:38:05 | 004,112,084 | R--- | C] (Swearware) -- C:\Documents and Settings\JJ Abulencia\Desktop\ComboFix.exe
[2011/06/05 20:23:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/05 20:18:31 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JJ Abulencia\Desktop\aswMBR.exe
[2011/06/05 19:45:30 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JJ Abulencia\Desktop\OTL.exe
[2011/05/31 21:30:45 | 000,606,738 | ---- | C] (Swearware) -- C:\Documents and Settings\JJ Abulencia\Desktop\dds.scr
[2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JJ Abulencia\Desktop\TDSSKiller.exe
========== Files - Modified Within 30 Days ==========
[2011/06/07 22:18:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72F5E4BE-C413-4124-8A6C-DB8DF7501732}.job
[2011/06/07 22:12:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6EB14956-D744-4776-AC46-3D001E2D2161}.job
[2011/06/07 22:03:18 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/06/07 22:02:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 22:01:54 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 22:01:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/07 22:01:39 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 21:58:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/07 21:51:19 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/07 21:51:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/07 21:44:02 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 21:56:37 | 000,879,092 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\SecurityCheck.exe
[2011/06/06 15:41:38 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\JJ Abulencia\Desktop\esetsmartinstaller_enu.exe
[2011/06/06 15:27:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 15:26:20 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JJ Abulencia\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/06 15:16:09 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\JJ Abulencia\Desktop\mbam-clean.exe
[2011/06/05 20:38:02 | 004,112,084 | R--- | M] (Swearware) -- C:\Documents and Settings\JJ Abulencia\Desktop\ComboFix.exe
[2011/06/05 20:21:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\MBR.dat
[2011/06/05 20:18:29 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\JJ Abulencia\Desktop\aswMBR.exe
[2011/06/05 20:08:08 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JJ Abulencia\Desktop\TDSSKiller.exe
[2011/06/05 20:07:16 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\tdsskiller.zip
[2011/06/05 19:46:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JJ Abulencia\Desktop\OTL.exe
[2011/06/05 19:41:34 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\RKUnhookerLE.EXE
[2011/05/31 21:30:40 | 000,606,738 | ---- | M] (Swearware) -- C:\Documents and Settings\JJ Abulencia\Desktop\dds.scr
[2011/05/31 21:29:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\Defogger.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/20 20:00:00 | 000,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Jessie Abulencia.job
[2011/05/19 17:06:27 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/05/19 17:06:26 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\A1808E4450.sys
[2011/05/18 22:18:41 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\JJ Abulencia\Desktop\Microsoft Office Word 2003.lnk
========== Files Created - No Company Name ==========
[2011/06/07 21:51:19 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/06 21:56:40 | 000,879,092 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\SecurityCheck.exe
[2011/06/06 15:27:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 20:43:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/05 20:43:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/05 20:43:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/05 20:43:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/05 20:43:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/05 20:20:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\MBR.dat
[2011/06/05 20:07:20 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\tdsskiller.zip
[2011/06/05 19:41:38 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\RKUnhookerLE.EXE
[2011/06/05 19:31:39 | 1005,047,808 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 21:29:39 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Desktop\Defogger.exe
[2010/11/02 22:21:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/01 20:39:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/07 14:36:17 | 000,032,524 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/17 22:16:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/18 23:51:59 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2008/08/12 15:36:59 | 000,138,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/08/12 15:36:46 | 000,189,472 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/08/12 15:36:36 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/08/12 15:21:35 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc[1].exe
[2008/08/01 18:39:09 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/21 23:27:30 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/15 20:16:21 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/06/15 20:16:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A1808E4450.sys
[2007/06/02 15:26:35 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/11 20:55:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Application Data\dvd.bmk
[2007/03/18 20:10:24 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/02/23 21:08:20 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/19 23:04:41 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/19 22:06:34 | 000,000,790 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/12/28 13:46:04 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\fusioncache.dat
[2006/12/16 17:42:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/16 17:32:25 | 000,000,326 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/16 17:27:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/16 17:26:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/16 17:02:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2006/12/16 17:02:33 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/12/16 17:02:33 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/12/16 17:02:33 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/12/16 17:02:32 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/12/16 17:02:32 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/12/16 17:02:32 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/12/16 17:02:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/12/16 17:02:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/16 17:02:31 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/12/16 17:02:31 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/12/16 17:02:31 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/12/16 17:01:22 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 002,056,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,443,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,072,296 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/04/11 20:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
========== LOP Check ==========
[2009/07/25 20:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/04/23 14:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/04/23 15:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2009/12/18 18:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/01/14 21:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/09/17 16:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/11/12 19:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/09/17 20:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2008/07/18 21:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/11/27 04:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2007/03/18 20:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/25 17:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TPS Business Invoices
[2009/07/25 20:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/18 00:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/14 11:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 19:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 00:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 00:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/17 23:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\BitDefender
[2010/07/08 19:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\BitTorrent
[2008/03/28 22:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\CopyTrans
[2008/03/28 22:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\CopyTransControlCenter
[2009/09/17 17:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\EmailNotifier
[2008/12/25 20:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\ooVoo Details
[2011/04/11 15:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\oovootb
[2009/04/23 23:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\vghd
[2007/03/30 17:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JJ Abulencia\Application Data\Viewpoint
[2011/06/07 22:12:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6EB14956-D744-4776-AC46-3D001E2D2161}.job
[2011/06/07 22:18:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{72F5E4BE-C413-4124-8A6C-DB8DF7501732}.job
========== Purity Check ==========
========== Custom Scans ==========
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -rb [2004/09/01 12:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -hb [2004/09/01 12:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AMERIC~1.0\accdef.exe -sb [2004/09/01 12:56:32 | 000,016,496 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2004/09/01 12:56:34 | 000,038,000 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\JJ Abulencia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/03/23 13:49:21 | 001,004,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 19:47:50
< End of report >
#19
Posted 08 June 2011 - 09:05 AM
What outstanding issues (if any) are you still experiencing with your computer?
#20
Posted 08 June 2011 - 02:16 PM
There doesn't appear to be anything wrong at the moment; my default browser was still Chrome when I turned on my computer and I think the Google redirects stopped.
#21
Posted 08 June 2011 - 02:22 PM
Hello,
Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall
NEXT:
OTL Fix
We need to run an OTL Fix
NEXT:
OTL Clean-Up
We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
NEXT:
All Clean Speech
Below I have included a number of recommendations for how to protect your computer against malware infections.
Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives
You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.
Avoid P2P Programs
Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.
If you have any of these programs installed then I highly suggest you uninstall them.
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
Internet Browsers
Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.
Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.
I also suggest you make your Internet Explore more secure.
Make Internet Explorer more secure
Extra Goodies
Thank you for your patience, and performing all of the procedures requested.
Please respond one last time so we can consider the thread resolved and close it, thank-you.
Cheers,
SweetTech.
Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.
Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall
NEXT:
OTL Fix
We need to run an OTL Fix
- Please reopen on your desktop.
- Copy and Paste the following code into the textbox.
:Commands
[ClearAllRestorePoints]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click the OK button.
- A report will open. Copy and Paste that report in your next reply.
NEXT:
OTL Clean-Up
We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
- Reopen on your desktop.
- Click on
- You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
NEXT:
All Clean Speech
===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===
Below I have included a number of recommendations for how to protect your computer against malware infections.
Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives.
You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.
Avoid P2P Programs
Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.
If you have any of these programs installed then I highly suggest you uninstall them.
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
Internet Browsers
Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.
Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.
I also suggest you make your Internet Explorer more secure.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Extra Goodies
- It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, then consider a password keeper to keep all your passwords safe.
- Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.
- You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
- Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.
- FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Thank you for your patience, and performing all of the procedures requested.
Please respond one last time so we can consider the thread resolved and close it, thank you.
Cheers,
SweetTech.
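The Internet Explorer zone settings from the post above can be checked without clicking through the dialog. The following PowerShell is an added example, not part of the original thread; it assumes the per-user Internet zone (zone 3) registry key and Microsoft's documented URL action IDs 1001, 1004 and 1201, and it accepts a setting that is stricter than the one the post asks for.

```powershell
# Added example (not from the thread): read-only audit of the Internet zone
# ActiveX settings for the current user. Nothing is modified.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action IDs as documented by Microsoft; Want is the level the post asks for.
$checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

# Value meanings for these actions, ordered from least to most strict.
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$props = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue

foreach ($c in $checks) {
    # A missing key or value yields $null rather than an error.
    $raw = if ($props) { $props.($c.Id) } else { $null }

    if ($null -eq $raw) {
        $current = 'not set'
        $ok = $false
    } else {
        $value = [int]$raw
        $known = $labels.ContainsKey($value)
        $current = if ($known) { $labels[$value] } else { "unknown ($value)" }
        # OK when the value is recognised and at least as strict as requested.
        $ok = $known -and ($value -ge $c.Want)
    }

    [pscustomobject]@{
        Setting = $c.Name
        Current = $current
        Wanted  = $labels[$c.Want]
        OK      = $ok
    }
}
```

The script reads only the per-user values; settings enforced through Group Policy are stored under a separate policy key and take precedence.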
#22
Posted 08 June 2011 - 03:29 PM
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.23.0 log created on 06082011_154417
Also, when I get an iMac (since this computer is pretty old anyway), is there any risk of an infection from the rootkit that you said may be able to transfer through the network?
#23
Posted 08 June 2011 - 03:40 PM
There are very few infections that affect Macs, so you should be fine.
#24
Posted 08 June 2011 - 03:42 PM
Alrighty thanks for all your help ST! You can close this now
#25
Posted 08 June 2011 - 03:46 PM
You're more than welcome! I'm glad that we were able to work together to solve the issues you were experiencing with your computer.
Please take care!
Kindest Regards,
SweetTech.
____________________________________________________
Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.
